MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.2	CVE-2026-9158	CVE-2026-9158_CVE-2026-9158 In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling po...	Eclipse Foundation	Eclipse 4diac 3.0.0	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-42490	domctl lock open to abuse_CVE-2026-42490 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and man...	Xen	Xen consult Xen advisory XSA-492	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-42489	domctl lock open to abuse_CVE-2026-42489 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and man...	Xen	Xen consult Xen advisory XSA-492	Jun 18, 2026	CVE
MEDIUM 5.7	CVE-2026-12539	Docker Sandboxes ICMP egress restriction bypass after daemon restart_CVE-2026-12539 Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt fr...	Docker	Docker Sandboxes 0.14.0	Jun 18, 2026	CVE
MEDIUM 6	CVE-2026-12527	CVE-2026-12527_CVE-2026-12527 A broken authorization boundary in the RTSP media delivery pipeline of Shenzhen Liandian Communication Technology LTD V380 IP Camera firmware AppFH...	Shenzhen Liandian Communication Technology LTD	V380 IP Camera / AppFHE1_V1.0.6.0 AppFHE1_V1.0.6.020230803	Jun 18, 2026	CVE
MEDIUM 5.7	CVE-2026-12039	Docker Sandboxes network egress allowlist bypass via unfiltered DNS resolution_CVE-2026-12039 Docker Sandboxes (sbx) enforces an HTTP/S-only egress allowlist but does not apply it to DNS resolution: the per-network embedded DNS server forwar...	Docker	Docker Sandboxes 0.13.0	Jun 18, 2026	CVE
MEDIUM 6.7	CVE-2026-22551	CVE-2026-22551_CVE-2026-22551 In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary extern...	Eclipse Foundation	Eclipse Theia	Jun 18, 2026	CVE
MEDIUM 5	CVE-2026-11791	389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()_CVE-2026-11791 A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax informati...	Red Hat	Red Hat Directory Server 11	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2025-58175	GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution_CVE-2025-58175 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses ...	geoserver	org.geoserver.web:gs-web-app < 2.26.4	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-56024	WordPress WP EasyPay plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-56024 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/...	Saad Iqbal	WP EasyPay n/a	Jun 18, 2026	CVE