Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-49214

guzzlehttp/psr7 has CRLF Injection via URI Host Component_CVE-2026-49214

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 did not reject ASCII control characters, whitespace...

guzzle psr7 < 2.10.2 CVE
MEDIUM 5.3 CVE-2026-48998

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation_CVE-2026-48998

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Versions prior to 2.10.2 contain improper Host header validation when parsin...

guzzle psr7 < 2.10.2 CVE
MEDIUM 6.3 CVE-2026-11956

TwiN gatus OIDC Session Cookie oidc.go setSessionCookie missing secure attribute_CVE-2026-11956

A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC S...

TwiN gatus 5.36.0 CVE
MEDIUM 5.3 CVE-2026-11561

SSTI in Soagen Informatics’ Apinizer_CVE-2026-11561

Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Info...

Soagen Informatics Technologies Software and Consulting Inc. Apinizer 2026.04.0 CVE
MEDIUM 5.3 6FB6950A-0A62-

Exploit for CVE-2026-7665_6FB6950A-0A62-57F3-AD18-661A86DCE996

CVE-2026-7665 — Unauthenticated Information Disclosure in Essential Addons for Elementor | Field | Detail | |-------|--------| | CVE ID | CVE-2026-...

N/A N/A GITHUBEXPLOIT
MEDIUM 6.8 BEC2E52E-1CD0-

Exploit for Improper Input Validation in Nodeca Js-Yaml_BEC2E52E-1CD0-52EF-9716-9449D93392AB

Docker build: the vulnerable environment is built as a Docker environment. docker build -f cve-2013-4660 -t cve-2013-4660 . On a successful attack, how sensitive information inside the server...

N/A N/A GITHUBEXPLOIT
MEDIUM 6.3 CVE-2026-53911

Cerebrate primary key mass assignment in CRUD edit operations allows authenticated users to overwrite unrelated records_CVE-2026-53911

Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom ...

cerebrate cerebrate CVE
MEDIUM 5 CVE-2026-11850

Krb5: krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read_CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The fu...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.6 CVE-2025-7064

Freelance Security Lock – Access to Windows OS_CVE-2025-7064

Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 20...

ABB Freelance CVE
MEDIUM 5.3 CVE-2026-41001

Predictable Temp Directory in Artemis Auto-configuration_CVE-2026-41001

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explic...

Spring Spring Boot 4.0.0 CVE