MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.2	CVE-2026-0055	CVE-2026-0055_CVE-2026-0055 In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller (DPC) into an invalid directory ...	Google	Android 16-qpr2	Jun 1, 2026	CVE
MEDIUM 6.8	CVE-2026-0048	CVE-2026-0048_CVE-2026-0048 In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could le...	Google	Android 16-qpr2	Jun 1, 2026	CVE
MEDIUM 6.2	CVE-2026-0046	CVE-2026-0046_CVE-2026-0046 In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This...	Google	Android 16	Jun 1, 2026	CVE
MEDIUM 4.3	CVE-2026-41115	Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API_CVE-2026-41115 An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates ...	Apache Software Foundation	Apache Kafka 4.0.0	Jun 2, 2026	CVE
MEDIUM 6.3	CVE-2026-49943	CVE-2026-49943_CVE-2026-49943 CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a...	NIC	BIRD	Jun 2, 2026	CVE
MEDIUM 6.5	CVE-2026-42073	OpenClaude’s MCP OAuth Callback: State Check Bypass via error Param Leads to DoS_CVE-2026-42073 OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the OpenClaude MCP au...	Gitlawb	openclaude < 0.5.1	Jun 2, 2026	CVE
MEDIUM 6.1	CVE-2026-40713	CVE-2026-40713_CVE-2026-40713 Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physica...	Dell	ThinOS 10	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-40571	NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization_CVE-2026-40571 NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the w...	NamelessMC	Nameless = 2.2.4	Jun 2, 2026	CVE
MEDIUM 6.9	CVE-2026-40314	NamelessMC: Reactions on private or blocking profile posts can be read and modified without proper authorization_CVE-2026-40314 NamelessMC is website software for Minecraft servers. In version 2.2.4,`core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wa...	NamelessMC	Nameless = 2.2.4	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-35447	NamelessMC: Private or blocking profile pages can be bypassed with direct POST requests, and reply handling allows cross-profile writes_CVE-2026-35447 NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submi...	NamelessMC	Nameless = 2.2.4	Jun 2, 2026	CVE