MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.9	CVE-2026-10637	Use-after-free of net_pkt in IPv6 MLD send path triggerable by a link-local MLD Query_CVE-2026-10637 subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the networ...	zephyrproject	zephyr 1.12.0	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-12162	CVE-2026-12162_CVE-2026-12162 Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose store...	Devolutions	Remote Desktop Manager 2026.2.0	Jun 15, 2026	CVE
MEDIUM 5.1	CVE-2026-9507	Session fixation vulnerability in Enhancesoft’s osTicket_CVE-2026-9507 A session fixation vulnerability has been identified in osTicket v1.18.2. This security flaw allows an attacker to hijack a victim’s account by kee...	Enhancesoft	osTicket 1.18.2	Jun 16, 2026	CVE
MEDIUM 6.7	THN:E4161CF0FE7...	China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth_THN:E4161CF0FE7CBFEDF9BA789D0C8137DE ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjxym2hiE83TbiNOrIeH3s4QCF0wQ_BYcSYPKlC3m9LGSuJnH7UNicbkgIk4kQTbpPiLRul9dSxQ180XW656_...	N/A	N/A	Jun 16, 2026	THN
MEDIUM 6.3	CVE-2025-10262	An unsanitized format validation vulnerability in Nokia SR Linux_CVE-2025-10262 Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vuln...	Nokia	SR Linux < 23.10.8	Jun 16, 2026	CVE
MEDIUM 6.3	CVE-2025-9912	A local privilege escalation vulnerability in Nokia SR Linux_CVE-2025-9912 Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticate...	Nokia	Nokia SR Linux < 23.10.8	Jun 16, 2026	CVE
MEDIUM 4.8	CVE-2026-8484	Heap buffer overflow in Jansi_CVE-2026-8484 A heap buffer overflow vulnerability exists in the Jansi JNI "ioctl()" wrapper due to a lack of size verification for the argument array before the...	FuseSource	jansi	Jun 16, 2026	CVE
MEDIUM 6.9	CVE-2026-10828	CVE-2026-10828_CVE-2026-10828 A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Serie...	Moxa	NPort W2150A-W4/W2250A-W4 Series 1.0	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-54197	WordPress GetGenie plugin <= 4.4.1 - Sensitive Data Exposure vulnerability_CVE-2026-54197 Unauthenticated Sensitive Data Exposure in GetGenie	Wpmet	GetGenie n/a	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-54190	WordPress Envira Photo Gallery plugin <= 1.12.5 - Broken Access Control vulnerability_CVE-2026-54190 Unauthenticated Broken Access Control in Envira Photo Gallery	Awesomemotive	Envira Photo Gallery n/a	Jun 16, 2026	CVE