Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-48988

markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations_CVE-2026-48988

markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to qua...

markdown-it markdown-it < 14.2.0 CVE
MEDIUM 5.8 CVE-2026-48821

Shaarli: DOM-based Cross-Site Scripting (XSS) in Thumbnail Synchronizer_CVE-2026-48821

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail ...

shaarli Shaarli < 0.16.2 CVE
MEDIUM 5.5 7C677A10-9FA7-

Exploit for Path Traversal in Microsoft_7C677A10-9FA7-51FB-8E47-4CC7BE2CF1F8

NimbusPwn - networkd-dispatcher. Description: A C PoC for NimbusPwn, a local privilege escalation in networkd-dispatcher. An unprivileged user cla...

N/A N/A GITHUBEXPLOIT
MEDIUM 5.9 CVE-2026-9679

undici vulnerable to HTTP header injection via Set-Cookie percent-decoding_CVE-2026-9679

Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and...

undici undici CVE
MEDIUM 5.9 CVE-2026-9678

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass_CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded...

undici undici 7.0.0 CVE
MEDIUM 4.8 CVE-2026-48591

Stored XSS via unescaped HTML attribute values in earmark_CVE-2026-48591

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HT...

pragdave earmark 1.4.1 CVE
MEDIUM 6.1 CVE-2026-30799

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing._CVE-2026-30799

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing. This issue affec...

RTI Connext Professional 7.4.0 CVE
MEDIUM 6 CVE-2026-2675

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data._CVE-2026-2675

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data. This issue...

RTI Connext Professional 7.4.0 CVE
MEDIUM 4.8 CVE-2026-2674

Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistence Service) allows Overflow Buffers._CVE-2026-2674

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service,Core Libraries,Persistenc...

RTI Connext Professional 7.4.0 CVE
MEDIUM 4.3 CVE-2026-20265

Insecure Default Domain Allowlist in Splunk AI Toolkit_CVE-2026-20265

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI T...

Splunk Splunk AI Toolkit 5.7 CVE