Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-56774

Kanboard – Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID

In Kanboard through 1.2.52 (fixed in commit 928c68a), UserViewController::removeSession fails to validate the session id parameter before passing it to...

kanboard kanboard CVE
MEDIUM 5.3 CVE-2026-56772

NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint

NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplyi...

samuelclay NewsBlur CVE
MEDIUM 6.3 CVE-2026-56771

NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint

NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make...

samuelclay NewsBlur CVE
MEDIUM 6.3 CVE-2026-56769

Huly Platform – Server-Side Request Forgery via /import Endpoint

Huly Platform before commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that a...

hcengineering platform CVE
MEDIUM 5.8 CVE-2026-54250

K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerabilit...

k3s-io k3s >= 1.35.0-rc1+k3s1, < 1.35.3+k3s1 CVE
MEDIUM 6.8 CVE-2026-54093

File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.6 CVE
MEDIUM 6.5 CVE-2026-54092

File Browser: DoS Vulnerability on Public Login API

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...

filebrowser filebrowser < 2.63.6 CVE
MEDIUM 5.3 CVE-2026-46611

Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source, cross-platform system monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/ser...

nicolargo glances < 4.5.5 CVE
MEDIUM 5.5 CVE-2025-60468

CVE-2025-60468

GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a d...

n/a n/a n/a CVE
MEDIUM 5.5 CVE-2025-60473

CVE-2025-60473

A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attac...

n/a n/a n/a CVE