Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.5 CVE-2025-43278

CVE-2025-43278

This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user...

Apple macOS CVE
MEDIUM 5.5 CVE-2025-24165

CVE-2025-24165

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7....

Apple macOS CVE
MEDIUM 5 CVE-2026-54055

Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol

Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transm...

kovidgoyal kitty < 0.47.2 CVE
MEDIUM 6.1 CVE-2026-54397

MISP event editing allows unauthorized assignment to undisclosed sharing groups

A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form da...

misp misp CVE
MEDIUM 5.3 CVE-2026-54396

MISP AuthKey edit endpoint allows authenticated user email enumeration

An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit reques...

misp misp CVE
MEDIUM 5.3 CVE-2026-54395

MISP UiBeta event index reflected XSS in advanced filter popup

MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScr...

misp misp CVE
MEDIUM 5.3 CVE-2026-54394

MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files

MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using ...

misp misp CVE
MEDIUM 5.1 CVE-2026-54393

MISP Overmind theme stored XSS via unvalidated homepage setting

A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-cont...

misp misp CVE
MEDIUM 5.3 CVE-2026-54362

MISP template builder exposes non-visible custom galaxies across organisations

An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not ha...

misp misp CVE
MEDIUM 5.4 CVE-2026-53606

sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of...

apostrophecms sanitize-html < 2.17.5 CVE