Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-12621

Cross-Site Scripting (XSS) Vulnerability in Password Reset Redirect in GridTime™ 3000 GNSS Time Server

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue a...

Microchip GridTime 3000 1.0r0.03 CVE
MEDIUM 4.6 CVE-2026-12620

Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server

The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03...

Microchip GridTime 3000 1.0r0.03 CVE
MEDIUM 5.1 CVE-2026-12619

GridTime™ 3000 GNSS Time Server CSRF to XSS

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-S...

Microchip GridTime 3000 1.0r0.03 CVE
MEDIUM 5.5 CVE-2026-3196

Qemu-kvm: virtio-snd: integer overflow leading to unbounded memory allocation

An integer overflow vulnerability was found in the virtio-snd device via PCM_INFO requests from the guest. A malicious guest can provide out-of-bou...

N/A N/A 8.2.0 CVE
MEDIUM 6.9 CVE-2026-55205

Hermes WebUI < 0.51.468 - Resource Exhaustion via Unauthenticated OAuth Flow Endpoint

Hermes WebUI before 0.51.468 contains a resource exhaustion vulnerability in the unauthenticated POST /api/onboarding/oauth/start endpoint that all...

nesquena hermes-webui CVE
MEDIUM 4.7 CVE-2026-54106

U.S. GAO EPDS and CBCA EDS network access control bypass

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic...

Government Accountability Office Electronic Protest Docketing System (EPDS) CVE
MEDIUM 6.9 CVE-2026-54105

U.S. GAO EPDS and CBCA EDS user information disclosure

The U.S. Government Accountability Office (GAO) Electronic Protest Docketing System (EPDS) and Civilian Board of Contract Appeals (CBCA) Electronic...

Government Accountability Office Electronic Protest Docketing System (EPDS) CVE
MEDIUM 5.1 CVE-2026-11982

Stored XSS via missing XSS safety check in Admin2 Pages API partial validation

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

Grav grav-plugin-api 1.7.52 CVE
MEDIUM 4.7 CVE-2026-48986

pam_usb: Infinite loop DoS in process-tree walk when parent process exits during authentication

pam_usb provides hardware authentication for Linux using removable media. In pam_usb 0.9.1 and earlier, usb_get_process_parent_id() can cause an in...

mcdope pam_usb < 0.9.2 CVE
MEDIUM 5.5 CVE-2026-48985

pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusb_is_loginctl_local() can cause ...

mcdope pam_usb < 0.9.2 CVE