MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-3433	Mattermost fails to scope role_updated websocket events to authorized team and channel members_CVE-2026-3433 Mattermost versions 11.6.x	Mattermost	Mattermost 11.6.0	Jun 12, 2026	CVE
MEDIUM 6.3	PACKETSTORM:223315	📄 BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner_PACKETSTORM:223315 This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module es...	N/A	N/A	Jun 12, 2026	PACKETSTORM
MEDIUM 6.5	CVE-2026-12024	CVE-2026-12024_CVE-2026-12024 Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a c...	Google	Chrome 149.0.7827.115	Jun 11, 2026	CVE
MEDIUM 5.9	CVE-2026-9271	KeepInMind – Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS_CVE-2026-9271 Vulnerability Title	Unknown	KeepInMind Dashboard Notes	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-50634	Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry_CVE-2026-50634 A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the a...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-50630	Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection_CVE-2026-50630 A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' p...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-50629	Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier_CVE-2026-50629 The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control ch...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-50623	Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService_CVE-2026-50623 An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the securi...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-8694	Improper access control on the API documentation endpoint in PowerShell Universal_CVE-2026-8694 Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI sp...	Devolutions	PowerShell Universal	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-53722	Nuxt: Reflected XSS in `` via unsanitised `javascript:` or `data:` URL_CVE-2026-53722 Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound t...	nuxt	nuxt < 3.21.7	Jun 12, 2026	CVE