MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-9263	Out-of-bounds read in Bluetooth Controller ISOAL framed RX reassembly leaks adjacent memory into host HCI ISO packets_CVE-2026-9263 The Zephyr Bluetooth controller ISO Adaptation Layer (subsys/bluetooth/controller/ll_sw/isoal.c) fails to validate the length field of a framed ISO...	zephyrproject	zephyr 3.3.0	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-43713	CVE-2026-43713_CVE-2026-43713 A permissions issue was addressed with additional restrictions. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26....	Apple	Safari	Jun 29, 2026	CVE
MEDIUM 6.1	CVE-2026-52760	Apache ActiveMQ, Apache ActiveMQ Web Console: Stored XSS via Unescaped values in ActiveMQ Web Console_CVE-2026-52760 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache ActiveMQ, Apache ActiveMQ Web Console....	Apache Software Foundation	Apache ActiveMQ	Jun 30, 2026	CVE
MEDIUM 5.9	CVE-2026-57082	Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG_CVE-2026-57082 Net::BitTorrent versions through 2.0.1 for Perl generate the MSE Diffie-Hellman private key with a non-cryptographic PRNG. The MSE (Message Stream...	SANKO	Net::BitTorrent	Jun 30, 2026	CVE
MEDIUM 5.4	CVE-2025-53648	Apache Gravitino: SQL misconfiguration can access or truncate files_CVE-2025-53648 SQL misconfiguration in the Gravitino UI, in versions 1.0.0 and below, can allow a malicious user to read or truncate files. Users are recommended ...	Apache Software Foundation	Apache Gravitino 0.5.0	Jun 30, 2026	CVE
MEDIUM 5.4	CVE-2026-48192	CVE-2026-48192_CVE-2026-48192 A vulnerability has been identified in Mendix Studio Pro 10.11 (All versions), Mendix Studio Pro 10.12 (All versions), Mendix Studio Pro 10.13 (All...	Siemens	Mendix Studio Pro 10.11	Jun 30, 2026	CVE
MEDIUM 6.9	CVE-2026-44947	Stale PSA ClusterRoleBinding Persists After RoleTemplate Downgrade in Rancher_CVE-2026-44947 A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 a...	SUSE	Rancher 2.13.0	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-27956	Coolify: Cross-team application domain enumeration via domains_by_server endpoint_CVE-2026-27956 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, `GET /api/v1/servers/{...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 6.6	CVE-2026-27955	Coolify: Command Injection via Single-Quote Breakout in `executeInDocker()`_CVE-2026-27955 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the executeInDocker() ...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE
MEDIUM 5	CVE-2026-27883	Coolify: IDOR in Deployment API – Cross-Team Deployment Information Disclosure_CVE-2026-27883 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the `GET /api/v1/deplo...	coollabsio	coolify < 4.0.0-beta.464	Jun 30, 2026	CVE