MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-50519	Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability_CVE-2026-50519 {“lastseen”:””,”description”:””,”published”:”2026-06-19T20:28:35.395Z”,&#82...	Microsoft	GitHub Copilot Chat 1.0.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-42895	Microsoft Copilot Tampering Vulnerability_CVE-2026-42895 {“lastseen”:””,”description”:””,”published”:”2026-06-19T20:27:46.785Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-49359	PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option_CVE-2026-49359 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-49271	libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder_CVE-2026-49271 libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compress...	strukturag	libheif < 1.22.1	Jun 19, 2026	CVE
MEDIUM 5.5	CVE-2026-49336	@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter_CVE-2026-49336 @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-previe...	microsoft	kiota-typescript >= 1.0.0-preview.97, < 1.0.0-preview.102	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-49288	Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources_CVE-2026-49288 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view ...	statamic	cms < 5.73.23	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12238	WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation_CVE-2026-12238 The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. ...	wpgmaps	WP Go Maps – Google Map, OpenStreetMap, Leaflet Map	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-27878	Tempo TraceQL query with exemplar hint could result in unbounded memory usage_CVE-2026-27878 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resultin...	Grafana	Enterprise Traces (GET) 2.6.1	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-12726	Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential_CVE-2026-12726 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.status...	Red Hat	Red Hat Ansible Automation Platform 2	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12622	Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server_CVE-2026-12622 The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: fr...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE