Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.8 CVE-2026-56301

Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abs...

Nuxt Nuxt 4.0.0 CVE
MEDIUM 6 CVE-2026-56275

Flowise – Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validat...

Flowise Flowise CVE
MEDIUM 5.3 CVE-2026-56263

Crawl4AI – Stored Cross-Site Scripting in Monitor Dashboard

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via ...

Crawl4AI Crawl4AI CVE
MEDIUM 6.9 CVE-2026-56234

Capgo – Password Spraying via Public-Key Accessible Credential Validation Endpoint

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that i...

Capgo Capgo CVE
MEDIUM 6.4 CVE-2026-4610

ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_messag...

metagauss ProfileGrid – User Profiles, Groups and Communities CVE
MEDIUM 6.1 CVE-2026-10857

Reflected XSS in Akinsoft’s e-Commerce

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry...

AKIN Software Computer Import Export Industry and Trade Ltd. e-Commerce CVE
MEDIUM 4.1 CVE-2026-4983

CVE-2026-4983

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml withou...

Eclipse Foundation Eclipse Open VSX 0.1.0 CVE
MEDIUM 5 CVE-2026-55655

OpenSSH: local MITM of X11 forwarding via abstract Unix socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possib...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 4.3 CVE-2026-55653

OpenSSH: double free in Red Hat Enterprise Linux versions of OpenSSH DH-GEX client path during FIPS known-group validation leads to client-side denial of service

A flaw was found in OpenSSH. A malicious SSH server can exploit a double free vulnerability in the Diffie-Hellman Group Exchange (DH-GEX) client pa...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 4.9 CVE-2026-10645

fs: ext2: Missing structural validation of directory entries can cause out-of-bounds read and zero-progress directory traversal

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversa...

zephyrproject-rtos Zephyr * CVE