Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-54530

pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an...

py-pdf pypdf < 6.13.0 CVE
MEDIUM 6.9 CVE-2026-49461

pypdf: Possible large memory usage for form XObjects during text extraction

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to la...

py-pdf pypdf < 6.12.2 CVE
MEDIUM 5.1 CVE-2026-49460

pypdf: Inefficient decoding of FlateDecode PNG predictor streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to lo...

py-pdf pypdf < 6.12.2 CVE
MEDIUM 5.8 CVE-2026-47242

Net::IMAP: Command Injection via ID command argument

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called w...

ruby net-imap >= 0.6.0, < 0.6.4.1 CVE
MEDIUM 5.8 CVE-2026-47240

Net::IMAP: Command Injection via non-synchronizing literal in “raw” argument

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands ac...

ruby net-imap >= 0.6.0, < 0.6.4.1 CVE
MEDIUM 5.4 CVE-2026-41479

Authlib OAuth 2.0 authorization endpoint open redirects to attacker-controlled redirect_uri on unsupported response_type

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.10 and 1.7.1, Authlib's OAuth 2.0 authorization endpoint ca...

authlib authlib < 1.6.10 CVE
MEDIUM 5.3 CVE-2026-56698

Nuxt – Cross-Site Scripting via navigateTo open Option

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side scr...

Nuxt Nuxt 4.0.0 CVE
MEDIUM 5.3 CVE-2026-56697

Nuxt – Open Redirect via Protocol-Relative Paths in reloadNuxtApp

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass ...

Nuxt Nuxt 4.0.0 CVE
MEDIUM 6.3 CVE-2026-56357

n8n – Webhook Forgery via Missing HMAC-SHA256 Signature Verification in GitHub Webhook Trigger

n8n before 1.123.15 and 2.5.0 contains a webhook forgery vulnerability in the GitHub Webhook Trigger node that fails to implement HMAC-SHA256 signa...

n8n n8n CVE
MEDIUM 5.3 CVE-2026-56348

n8n – Credential Exfiltration via Allowed HTTP Request Domains Bypass in Dynamic Node Parameters Endpoint

n8n before 2.20.0 contains a credential exfiltration vulnerability in the POST /rest/dynamic-node-parameters/options endpoint that allows authentic...

n8n n8n CVE