MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54036	LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification_CVE-2026-54036 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.7	CVE-2026-4522	CVE-2026-4522_CVE-2026-4522 Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYP...	HYPR	Passwordless	Jun 25, 2026	CVE
MEDIUM 5.5	8FA4E1EF-9BCF-	Exploit for CVE-2025-61155_8FA4E1EF-9BCF-5027-85E0-2F420F5171B6 CVE-2025-61155 — Arbitrary Process Termination in GameDriverX64.sys A signed kernel-mode anti-cheat driver — GameDriverX64.sys, shipped with Tower ...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
MEDIUM 4.3	CVE-2026-42005	Insufficient input validation of internal web server_CVE-2026-42005 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The intern...	PowerDNS	Authoritative 4.9.0	Jun 25, 2026	CVE
MEDIUM 6.4	CVE-2026-54226	Apache Kvrocks: RESTORE IntSet Integer Overflow Leads to Remote DoS_CVE-2026-54226 A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16...	Apache Software Foundation	Apache Kvrocks 2.6.0	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2026-46751	Apache Kvrocks: Does not remove the unsafe loadstring function from its Lua sandbox, allowing a user who can run EVAL scripts to load crafted, unvalidated bytecode that crashes the server process, resulting in a remote denial of service._CVE-2026-46751 A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16...	Apache Software Foundation	Apache Kvrocks 2.2.0	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2026-56129	CVE-2026-56129_CVE-2026-56129 Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A l...	Dynabook Inc.	Generic IO & Memory Access driver all versions	Jun 25, 2026	CVE
MEDIUM 4.4	CVE-2026-8330	Insertion of Sensitive Information into Log File in GitLab_CVE-2026-8330 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that unde...	GitLab	GitLab 9.3	Jun 25, 2026	CVE
MEDIUM 4.3	CVE-2026-5952	Incorrect Authorization in GitLab_CVE-2026-5952 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that un...	GitLab	GitLab 17.11	Jun 25, 2026	CVE
MEDIUM 4.3	CVE-2026-5796	Incorrect Authorization in GitLab_CVE-2026-5796 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that und...	GitLab	GitLab 13.6	Jun 25, 2026	CVE