MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-9162	Global session revocation does not invalidate active WebSocket connections_CVE-2026-9162 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-7167	Multiple vulnerabilities in the Assassin game by Gaudire_CVE-2026-7167 The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fak...	Gaudire	Assassin game last version	Jun 22, 2026	CVE
MEDIUM 6.4	CVE-2026-6673	Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install_CVE-2026-6673 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 4.4	7DF60A36-5B48-	Exploit for CVE-2026-2002_7DF60A36-5B48-59EB-A46D-66756D01D7E4 Sumary The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
MEDIUM 6.4	CVE-2026-6062	IDOR in Jira plugin subscription edit endpoint_CVE-2026-6062 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2026-5139	GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration_CVE-2026-5139 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 5.1	CVE-2026-56450	AIL Framework – Missing Rate Limiting Enables Brute-Force Attacks Against Two-Factor Authentication Codes_CVE-2026-56450 AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification st...	ail project	ail framework	Jun 22, 2026	CVE
MEDIUM 4.3	MS:CVE-2026-12446	Chromium: CVE-2026-12446 Insufficient data validation in Passwords_MS:CVE-2026-12446 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.4	CVE-2026-10601	Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access_CVE-2026-10601 The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, ena...	Grafana	Grafana OSS 11.6.0	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2025-33128	IBM Engineering Lifecycle Management – Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed_CVE-2025-33128 IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting....	IBM	Engineering Workflow Management 7.0.3	Jun 22, 2026	CVE