MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-45802	FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service_CVE-2026-45802 FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version...	Setasign	FPDI < 2.6.7	Jun 11, 2026	CVE
MEDIUM 6.9	CVE-2026-53818	OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback_CVE-2026-53818 OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-on...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
MEDIUM 4.9	CVE-2026-53812	OpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions_CVE-2026-53812 OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
MEDIUM 4.8	CVE-2026-53809	OpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy_CVE-2026-53809 OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare a...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
MEDIUM 6	CVE-2026-53808	OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow_CVE-2026-53808 OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set appl...	OpenClaw	OpenClaw	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-47157	aiograpi: Unsafe signup challenge path handling_CVE-2026-47157 aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them...	subzeroid	aiograpi < 0.9.10	Jun 11, 2026	CVE
MEDIUM 5.3	CVE-2026-46698	Fediverse Embeds: Public-nonce SSRF via ftf_get_site_info AJAX action_CVE-2026-46698 Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_...	stefanbohacek	fediverse-embeds-wordpress-plugin < 1.5.9	Jun 11, 2026	CVE
MEDIUM 4.9	CVE-2026-11986	Keycloak-rest-admin-ui-ext: authorization bypass vulnerability in the admin-ui-ext bulk role-mapping-delete endpoints of keycloak_CVE-2026-11986 A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs be...	Red Hat	Red Hat Build of Keycloak	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-53702	Gstreamer1-plugins-bad-free: gstreamer: stack buffer overflow in h.265 buffering period sei parser_CVE-2026-53702 A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, ...	Red Hat	Red Hat Enterprise Linux 10	Jun 11, 2026	CVE
MEDIUM 6.5	CVE-2026-53701	Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in h.266/vvc pps picture partition parser_CVE-2026-53701 An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile...	Red Hat	Red Hat Enterprise Linux 10	Jun 11, 2026	CVE