MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.4	CVE-2026-11356	Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings_CVE-2026-11356 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_c...	vinod-dalvi	Ivory Search – WordPress Search Plugin	Jun 27, 2026	CVE
MEDIUM 5.5	CVE-2025-59868	HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure_CVE-2025-59868 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit applic...	HCLSoftware	Traveler for Microsoft Outlook <3.0.15	Jun 27, 2026	CVE
MEDIUM 4.3	MS:CVE-2026-12469	Chromium: CVE-2026-12469 Uninitialized Use in GPU_MS:CVE-2026-12469 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 27, 2026	MSCVE
MEDIUM 6.4	CVE-2026-52781	OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/work_packages via POST parameter “description”_CVE-2026-52781 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants elements unrestricted dat...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-52779	OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects_CVE-2026-52779 OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusi...	opf	openproject < 17.3.3	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-55838	RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics_CVE-2026-55838 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metric...	rustfs	rustfs <= 1.0.0-beta.7	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-49355	OpenProject: Private work package data disclosure through single meeting agenda item API_CVE-2026-49355 OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id`...	opf	openproject < 17.4.0	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-44736	OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects_CVE-2026-44736 OpenProject is open-source, web-based project management software. Prior to 17.4.0, the GET /api/v3/relations endpoint allows any authenticated use...	opf	openproject < 17.4.0	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-44735	OpenProject: Shares API Information Disclosure_CVE-2026-44735 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share detail...	opf	openproject < 17.3.2	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-44734	OpenProject: Improper Access Control on OpenProject through the POST request to /projects/[PROJECT_NAME]/cost_reports/[REPORT_ID]/rename_CVE-2026-44734 OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, a Missing Authorization vulnerability exists in Open...	opf	openproject < 17.3.2	Jun 26, 2026	CVE