MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.9	CVE-2026-53725	Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied_CVE-2026-53725 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...	parse-community	parse-server >= 9.8.0, < 9.9.1-alpha.5	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-50244	Naxclow IoT Platform Missing Authorization_CVE-2026-50244 The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied accoun...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-50099	Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099 During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART conso...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-50008	Parse Server: Server option routeAllowList is bypassable through batch sub-requests_CVE-2026-50008 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...	parse-community	parse-server >= 9.8.0, < 9.9.1-alpha.3	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-47248	Parse Server: GraphQL “Did you mean” validation suggestions disclose schema to unauthenticated callers_CVE-2026-47248 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2,...	parse-community	parse-server < 8.6.78	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-47236	Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission_CVE-2026-47236 Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions...	solidtime-io	solidtime < 0.12.2	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-42932	Naxclow IoT Platform Generation of Predictable Numbers or Identifiers_CVE-2026-42932 Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identif...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 6.1	CVE-2026-41568	Moby: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap_CVE-2026-41568 Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prio...	moby	moby github.com/docker/docker/daemon <= 28.5.2	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-10715	Camaleon CMS 2.9.2 – Improper authorization in draft autosave endpoint_CVE-2026-10715 Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated us...	Camaleon CMS	Camaleon CMS 2.9.2	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-54357	MISP improper authorization allows organization administrators to modify site administrator user settings_CVE-2026-54357 An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to ...	misp	misp	Jun 12, 2026	CVE