MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-53808	OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow_CVE-2026-53808 OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set appl...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-47157	aiograpi: Unsafe signup challenge path handling_CVE-2026-47157 aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them...	subzeroid	aiograpi < 0.9.10	Jun 11, 2026	CVE
MEDIUM 5.3	CVE-2026-46698	Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action_CVE-2026-46698 Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_...	stefanbohacek	fediverse-embeds-wordpress-plugin < 1.5.9	Jun 11, 2026	CVE
MEDIUM 4.9	CVE-2026-11986	Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak_CVE-2026-11986 A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs be...	Red Hat	Red Hat Build of Keycloak	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-53702	Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser_CVE-2026-53702 A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, ...	Red Hat	Red Hat Enterprise Linux 10	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-53701	Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser_CVE-2026-53701 An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile...	Red Hat	Red Hat Enterprise Linux 10	Jun 11, 2026	CVE
MEDIUM 6.9	CVE-2026-52859	Vim: Out-of-bounds Read in Terminal Screen Snapshot_CVE-2026-52859 Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible ter...	vim	vim < 9.2.0565	Jun 11, 2026	CVE
MEDIUM 6.1	CVE-2026-47250	mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration_CVE-2026-47250 mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp...	Flux159	mcp-server-kubernetes < 3.7.0	Jun 11, 2026	CVE
MEDIUM 5.7	CVE-2026-47177	Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel_CVE-2026-47177 Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...	duck-organization	quest-bot < 1.0.4	Jun 11, 2026	CVE
MEDIUM 5.7	CVE-2026-47176	Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel_CVE-2026-47176 Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...	duck-organization	quest-bot < 1.0.4	Jun 11, 2026	CVE