Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| MEDIUM 6.9 | CVE-2026-8035 | NULL pointer dereference in NI-PAL | Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due t... | NI | NI-PAL | | CVE |
| MEDIUM 6.5 | CVE-2026-5074 | ARMember Premium <= 7.3.1 - Authenticated (Subscriber+) SQL Injection via 'sSortDir_0' Parameter | The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX acti... | armember | ARMember Premium – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup | | CVE |
| MEDIUM 6.3 | CVE-2026-49120 | Medplum < 5.1.14 SSRF via FHIR Subscription Endpoint | Medplum before 5.1.14 contains a server-side request forgery vulnerability in the subscription worker that allows authenticated users to perform un... | medplum | medplum | | CVE |
| MEDIUM 6.6 | CVE-2026-47265 | AIOHTTP vulnerable to cross-origin redirect with per-request cookies | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter o... | aio-libs | aiohttp < 3.14.0 | | CVE |
| MEDIUM 6.9 | CVE-2026-41577 | authentik: SAML source does not validate Conditions, timing, or audience on assertions | authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor (ResponseProcessor.pars... | goauthentik | authentik < 2025.12.5 | | CVE |
| MEDIUM 6.6 | CVE-2026-40181 | React Router’s same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation | React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can tri... | remix-run | react-router >= 7.0.0, < 7.14.1 | | CVE |
| MEDIUM 6.5 | CVE-2026-35049 | wire-ios has Persistent Remote DoS via Integer Underflow | wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external m... | wireapp | wire-ios < 4.16.0 | | CVE |
| MEDIUM 6.4 | CVE-2026-34993 | AIOHTTP Vulnerable to Deserialization of Untrusted Data | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted ... | aio-libs | aiohttp < 3.14.0 | | CVE |
| MEDIUM 6.9 | CVE-2026-10617 | nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication | A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http... | nextlevelbuilder | GoClaw 3.11.0 | | CVE |
| MEDIUM 5.3 | CVE-2026-10616 | nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization | A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the f... | nextlevelbuilder | GoClaw 3.11.0 | | CVE |