Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-47224

NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-ove...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
MEDIUM 5.4 CVE-2026-47222

NanaZip: Heap out-of-bounds read in NanaZip AVB property descriptor parser via unsigned integer underflow

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...

M2Team NanaZip >= 3.0.1000.0, < 6.0.1698.0 CVE
MEDIUM 4.3 CVE-2026-3433

Mattermost fails to scope role_updated websocket events to authorized team and channel members

Mattermost versions 11.6.x

Mattermost Mattermost 11.6.0 CVE
MEDIUM 6.3 PACKETSTORM:223315

BIRD 2.18 Stack Buffer Overflow / Denial of Service Scanner

This Metasploit auxiliary module is designed to assess a vulnerability in the BGP implementation of the BIRD Internet Routing Daemon. The module es...

N/A N/A PACKETSTORM
MEDIUM 6.5 CVE-2026-12024

CVE-2026-12024

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a c...

Google Chrome 149.0.7827.115 CVE
MEDIUM 5.9 CVE-2026-9271

KeepInMind – Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS

Vulnerability Title

Unknown KeepInMind Dashboard Notes CVE
MEDIUM 6.5 CVE-2026-50634

Apache CXF: WS JSON request filter trusts metadata from an unvalidated first signature entry

A vulnerability in Apache CXF's JwsJsonContainerRequestFilter can be exploited to cause CXF to process metadata that was not authenticated by the a...

Apache Software Foundation Apache CXF 4.2.0 CVE
MEDIUM 6.5 CVE-2026-50630

Apache CXF: OAuth2: HTTP Response Splitting via WWW-Authenticate Realm Injection

A CRLF injection vulnerability exists in the OAuth2 AuthorizationUtils class. When constructing the WWW-Authenticate response header, the 'realm' p...

Apache Software Foundation Apache CXF 4.2.0 CVE
MEDIUM 5.3 CVE-2026-50629

Apache CXF: OAuth2: Log Injection via Unsanitized Client Identifier

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control ch...

Apache Software Foundation Apache CXF 4.2.0 CVE
MEDIUM 6.5 CVE-2026-50623

Apache CXF: Authentication Bypass in OAuth2 TokenIntrospectionService

An authentication bypass vulnerability exists in the OAuth2 TokenIntrospectionService in Apache CXF. Due to a missing 'throw' keyword in the securi...

Apache Software Foundation Apache CXF 4.2.0 CVE