Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-8722

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections

Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes...

TEAM Net::Async::Statsd::Client CVE
MEDIUM 6.8 CVE-2026-48040

netty-incubator-codec-ohttp’s Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access

The netty incubator codec.bhttp is a Java-language binary HTTP parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C li...

netty netty-incubator-codec-ohttp < 0.0.22.Final CVE
MEDIUM 5.4 CVE-2026-42547

IRIS Alerts Can be Falsely Attributed to Customers

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, use...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.3 CVE-2026-42543

IRIS has a Cross-Site Request Forgery (CSRF) issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vul...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.3 CVE-2026-42540

IRIS has a Mass Assignment issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 6.5 CVE-2026-42539

IRIS has an Excessive Data Exposure issue

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return ...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 6.5 CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) wer...

RRWO Net::CIDR::Set CVE
MEDIUM 5.3 CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generat...

COSIMO Net::Statsd CVE
MEDIUM 6.9 CVE-2026-41207

netty-incubator-codec-ohttp’s HPKEContext operations may produce empty byte[] on failures

The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The ...

netty netty-incubator-codec-ohttp < 0.0.21.Final CVE
MEDIUM 5.8 CVE-2026-21404

NAVTOR NavBox Use of Hard-coded Credentials

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the S...

NAVTOR NavBox CVE