Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.7 CVE-2026-6739

Mattermost: Delegated admins could patch protected default system roles

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 4.3 CVE-2026-6689

Missing invite_user permission check on team creation allows unprivileged users to set open-invite and allowed-domains team settings

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 5.3 CVE-2026-6046

Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 4.3 CVE-2026-47224

NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-ove...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
MEDIUM 5.4 CVE-2026-47222

NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
MEDIUM 4.3 CVE-2026-3433

Mattermost fails to scope role_updated websocket events to authorized team and channel members

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 6.3 PACKETSTORM:223315

BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner

This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module es...

N/A N/A PACKETSTORM
MEDIUM 6.5 CVE-2026-12024

CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a c...

Google Chrome 149.0.7827.115 CVE
MEDIUM 5.9 CVE-2026-9271

KeepInMind – Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS_CVE-2026-9271

Unknown KeepInMind Dashboard Notes CVE
MEDIUM 6.5 CVE-2026-50634

Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the a...

Apache Software Foundation Apache CXF 4.2.0 CVE