MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.4	CVE-2026-47223	NanaZip: Heap out-of-bounds read in NanaZip AVB hashtree descriptor parser via 32-bit unsigned integer overflow_CVE-2026-47223 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...	M2Team	NanaZip >= 3.0.1000.0, < 6.0.1698.0	Jun 12, 2026	CVE
MEDIUM 5	CVE-2026-44173	MariaDB: FILE privilege was not checked for subqueries in the FROM clause_CVE-2026-44173 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before ...	MariaDB	server >= 10.6.1, < 10.6.26	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-44172	MariaDB: mysql_real_escape_string() incorrectly handled big5_CVE-2026-44172 MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input...	MariaDB	server = 3.3.18	Jun 12, 2026	CVE
MEDIUM 6.3	CVE-2026-44171	MariaDB: path traversal in mbstream_CVE-2026-44171 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before ...	MariaDB	server >= 10.6.1, < 10.6.26	Jun 12, 2026	CVE
MEDIUM 6.3	CVE-2026-44170	MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL_CVE-2026-44170 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before ...	MariaDB	server >= 10.6.1, < 10.6.26	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44169	MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions_CVE-2026-44169 MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user g...	MariaDB	server >= 11.4.1, < 11.4.11	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-53726	Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL_CVE-2026-53726 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6,...	parse-community	parse-server < 8.6.80	Jun 12, 2026	CVE
MEDIUM 5.9	CVE-2026-53725	Parse Server: Endpoints `/login` and `/verifyPassword` disclose MFA secrets and protected fields when `_User` get is denied_CVE-2026-53725 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...	parse-community	parse-server >= 9.8.0, < 9.9.1-alpha.5	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-50244	Naxclow IoT Platform Missing Authorization_CVE-2026-50244 The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied accoun...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-50099	Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099 During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART conso...	Naxclow	Smart Doorbell X3 All	Jun 12, 2026	CVE