MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-44207	Frappe: Insecure Direct Object Reference for email accounts_CVE-2026-44207 Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to acces...	frappe	frappe < 15.107.0	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-44206	Frappe: DB Schema Enumeration via Frappe-Authorization-Source_CVE-2026-44206 Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an e...	frappe	frappe < 15.107.2	Jun 12, 2026	CVE
MEDIUM 5.9	CVE-2026-49993	@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)_CVE-2026-49993 Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21....	nuxt	nuxt >= 3.15.4, < 3.21.7	Jun 12, 2026	CVE
MEDIUM 6.3	CVE-2026-47200	Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`_CVE-2026-47200 Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/n...	nuxt	nuxt >= 3.11.0, < 3.21.6	Jun 12, 2026	CVE
MEDIUM 5.9	CVE-2026-45670	Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)_CVE-2026-45670 Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, an...	nuxt	nuxt >= 3.15.4, < 3.21.6	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-45669	Nuxt: Reflected XSS in `navigateTo()` external redirect_CVE-2026-45669 Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() w...	nuxt	nuxt >= 3.4.3, < 3.21.6	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-1836	Stored credentials in Redmine_CVE-2026-1836 The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platf...	Redmine	Redmine	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-12066	PbootCMS Password MemberController.php retrieve password recovery_CVE-2026-12066 A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/Mem...	n/a	PbootCMS 3.2.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-49347	Quest Bot: Ticket creation has no per-user open-ticket limit or cooldown_CVE-2026-49347 Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels....	duck-organization	questbot < 1.1.8	Jun 12, 2026	CVE
MEDIUM 6.7	CVE-2026-48914	Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling_CVE-2026-48914 A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before w...	Red Hat	Red Hat Enterprise Linux 10	Jun 12, 2026	CVE