MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-57921	CVE-2026-57921_CVE-2026-57921 In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint	JetBrains	YouTrack	Jun 26, 2026	CVE
MEDIUM 6.7	CVE-2026-53914	CVE-2026-53914_CVE-2026-53914 In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata	JetBrains	Kotlin	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-13426	Client4 fails to validate path parameters_CVE-2026-13426 The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API r...	Mattermost	github.com/mattermost/mattermost/server/public v0.0.0	Jun 26, 2026	CVE
MEDIUM 5.4	0D5ACD84-8796-	Exploit for Cross-site Scripting in Docmost_0D5ACD84-8796-5644-A05C-46FADC4B35D4 CVE-2026-34212 Docmost accepted a javascript: URL inside an attachment node, preserved it through storage and rendering, and turned it back into a ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
MEDIUM 5.4	0A738D4C-E642-	Exploit for Authorization Bypass Through User-Controlled Key in Docmost_0A738D4C-E642-58D3-988B-4E964946EC66 CVE-2026-34213 A low-privileged Docmost user could supply a victim attachmentId to the generic upload endpoint and overwrite another page's stored ...	N/A	N/A	Jun 26, 2026	GITHUBEXPLOIT
MEDIUM 5.3	CVE-2025-10268	Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal_CVE-2025-10268 The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible ...	Unknown	Printcart Web to Print Product Designer for WooCommerce	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-57620	WordPress Exclusive Addons Elementor plugin <= 2.7.9.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57620 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tim Strifler Exclusive Addons Elementor allow...	Tim Strifler	Exclusive Addons Elementor n/a	Jun 26, 2026	CVE
MEDIUM 5.4	CVE-2026-6658	Cross-site Scripting (XSS) in jupyter/nbconvert_CVE-2026-6658 A vulnerability in jupyter/nbconvert versions	jupyter	jupyter/jupyter unspecified	Jun 26, 2026	CVE
MEDIUM 5.8	CVE-2026-57473	CVE-2026-57473_CVE-2026-57473 A vulnerability exists in the netclient and factory services of Reolink Home Hub (versions prior to v3.3.0.456_26031911) due to the possibility of ...	Reolink	Home Hub	Jun 26, 2026	CVE
MEDIUM 6.5	CVE-2026-1869	User Registration & Membership <= 5.2.0 - Missing Authorization to Unauthenticated Payment Bypass_CVE-2026-1869 The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Bu...	wpeverest	User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder	Jun 26, 2026	CVE