MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-53428	Unbounded memory allocation in highlight_lines range expansion in mdex_CVE-2026-53428 Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through...	leandrocp	mdex 0.11.0	Jun 29, 2026	CVE
MEDIUM 6.2	CVE-2026-13757	P11-kit: stack exhaustion via unbounded recursion in rpc attribute parsing_CVE-2026-13757 A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_va...	Red Hat	Red Hat Enterprise Linux 10	Jun 29, 2026	CVE
MEDIUM 5.1	CVE-2026-54889	Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)_CVE-2026-54889 Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL s...	leandrocp	mdex 0.8.3	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-54888	Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex_CVE-2026-54888 Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir ...	leandrocp	mdex 0.3.0	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-53429	Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service_CVE-2026-53429 Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered docum...	leandrocp	mdex 0.11.0	Jun 29, 2026	CVE
MEDIUM 5.1	CVE-2026-57958	Mixpost 2.6.0 – Reflected XSS via OAuth Callback Error Parameter_CVE-2026-57958 Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript...	inovector	mixpost	Jun 29, 2026	CVE
MEDIUM 6.1	CVE-2026-57956	SigNoz 0.130.1 – Cross-Organization Insecure Direct Object Reference in Alert Rules_CVE-2026-57956 SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by...	SigNoz	signoz	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-57954	Elide 7.1.17 – Permission Bypass in Sort Expression Validation_CVE-2026-57954 Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers t...	yahoo	elide	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-57953	Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint_CVE-2026-57953 Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write ...	its-a-feature	Mythic	Jun 29, 2026	CVE
MEDIUM 6	CVE-2026-57952	Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID_CVE-2026-57952 Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_ru...	its-a-feature	Mythic	Jun 29, 2026	CVE