Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-47157

aiograpi: Unsafe signup challenge path handling_CVE-2026-47157

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them...

subzeroid aiograpi < 0.9.10 CVE
MEDIUM 5.3 CVE-2026-46698

Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action_CVE-2026-46698

Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_...

stefanbohacek fediverse-embeds-wordpress-plugin < 1.5.9 CVE
MEDIUM 4.9 CVE-2026-11986

Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak_CVE-2026-11986

A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs be...

Red Hat Red Hat Build of Keycloak CVE
MEDIUM 6.5 CVE-2026-53702

Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser_CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, ...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.5 CVE-2026-53701

Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser_CVE-2026-53701

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.9 CVE-2026-52859

Vim: Out-of-bounds Read in Terminal Screen Snapshot_CVE-2026-52859

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible ter...

vim vim < 9.2.0565 CVE
MEDIUM 6.1 CVE-2026-47250

mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration_CVE-2026-47250

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp...

Flux159 mcp-server-kubernetes < 3.7.0 CVE
MEDIUM 5.7 CVE-2026-47177

Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel_CVE-2026-47177

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...

duck-organization quest-bot < 1.0.4 CVE
MEDIUM 5.7 CVE-2026-47176

Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel_CVE-2026-47176

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...

duck-organization quest-bot < 1.0.4 CVE
MEDIUM 6.3 CVE-2026-47173

Quest Bot: Ticket reason allows mass-mention injection_CVE-2026-47173

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticke...

duck-organization quest-bot < 1.0.3 CVE