Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-10807

mjperpinosa stumasy change_profile_image.php unrestricted upload_CVE-2026-10807

A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/cha...

mjperpinosa stumasy 25d695901fbb586bf184b8ba73456d8e5311656c CVE
MEDIUM 5.3 CVE-2026-10806

mjperpinosa stumasy add_post.php unrestricted upload_CVE-2026-10806

A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post....

mjperpinosa stumasy 25d695901fbb586bf184b8ba73456d8e5311656c CVE
MEDIUM 5.3 CVE-2026-47707

Strawberry GraphQL’s Bypass of MaxAliasesLimiter via Fragment Spreads leading to GraphQL Alias Amplification_CVE-2026-47707

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through 0.315.6, the MaxAliasesLimiter extension in Strawberry fails ...

strawberry-graphql strawberry >= 0.172.0, < 0.315.7 CVE
MEDIUM 5.3 CVE-2026-47706

Strawberry GraphQL has a Circular Fragment Reference DOS_CVE-2026-47706

Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an ...

strawberry-graphql strawberry >= 0.71.0, < 0.315.7 CVE
MEDIUM 5.3 CVE-2026-10864

MISP Dashboard widget field selection may expose restricted user and organisation data_CVE-2026-10864

A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returne...

misp misp CVE
MEDIUM 6.4 CVE-2026-10863

MISP User-controlled order parameter in correlations over-correlation endpoint_CVE-2026-10863

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named re...

misp misp CVE
MEDIUM 5.3 CVE-2026-10811

itsourcecode Fees Management System receipt.php sql injection_CVE-2026-10811

A security vulnerability has been detected in itsourcecode Fees Management System 1.0. Affected by this vulnerability is an unknown functionality o...

itsourcecode Fees Management System 1.0 CVE
MEDIUM 6.5 CVE-2026-27145

Inefficient candidate hostname parsing in crypto/x509_CVE-2026-27145

(*x509.Certificate).VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name (SAN) entries. This caused stri...

Go standard library crypto/x509 CVE
MEDIUM 5.3 CVE-2026-49077

WordPress WP eMember plugin <= v10.2.2 - Sensitive Data Exposure vulnerability_CVE-2026-49077

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded ...

Tips and Tricks HQ WP eMember n/a CVE
MEDIUM 5.3 CVE-2026-10802

keystonejs keystone GraphQL API Endpoint output-field.ts resource consumption_CVE-2026-10802

A vulnerability was detected in keystonejs keystone up to 20260319. This vulnerability affects unknown code in the library packages/core/src/lib/co...

keystonejs keystone 20260319 CVE