Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-41115

Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates ...

Apache Software Foundation Apache Kafka 4.0.0 CVE
MEDIUM 6.3 CVE-2026-49943

CVE-2026-49943

CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a...

NIC BIRD CVE
MEDIUM 6.5 CVE-2026-42073

OpenClaude’s MCP OAuth Callback: State Check Bypass via error Param Leads to DoS

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP au...

Gitlawb openclaude < 0.5.1 CVE
MEDIUM 6.1 CVE-2026-40713

CVE-2026-40713

Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physica...

Dell ThinOS 10 CVE
MEDIUM 5.3 CVE-2026-40571

NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the w...

NamelessMC Nameless = 2.2.4 CVE
MEDIUM 6.9 CVE-2026-40314

NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization

NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wa...

NamelessMC Nameless = 2.2.4 CVE
MEDIUM 5.3 CVE-2026-35447

NamelessMC: Private or blocking profile pages can be bypassed with direct POST requests, and reply handling allows cross-profile writes

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submi...

NamelessMC Nameless = 2.2.4 CVE
MEDIUM 5.4 CVE-2026-33244

React Router has stored XSS via unescaped Location header in prerendered redirect HTML

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization...

remix-run react-router >= 7.5.1, < 7.13.2 CVE
MEDIUM 6.9 CVE-2026-10606

DedeCMS Feedback feedback.php TrimMsg sql injection

A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feed...

n/a DedeCMS 5.7.88 CVE
MEDIUM 6.5 CVE-2026-40564

Apache Flink Kubernetes Operator: Server-Side Request Forgery and local file access in Kubernetes Operator

Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The Fli...

Apache Software Foundation Apache Flink Kubernetes Operator 1.3.0 CVE