Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-8694

Improper access control on the API documentation endpoint in PowerShell Universal

Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI sp...

Devolutions PowerShell Universal CVE
MEDIUM 5.1 CVE-2026-53722

Nuxt: Reflected XSS in `` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound t...

nuxt nuxt < 3.21.7 CVE
MEDIUM 6.9 CVE-2026-47739

Frappe: Stored XSS in Note

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitizati...

frappe frappe < 15.106.0 CVE
MEDIUM 5.3 CVE-2026-47244

Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Default...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 6.9 CVE-2026-47141

vm2: NodeVM observability builtins leak host process and HTTP request data

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM exposes some process-wide observability builtins when they are allowe...

patriksimek vm2 < 3.11.4 CVE
MEDIUM 6.8 CVE-2026-45673

Netty: DNS Cache Poisoning due to Predictable PRNG and Default Static Source Port

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 4 CVE-2026-45536

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_u...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 6.9 CVE-2026-44205

Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an...

frappe frappe < 15.106.0 CVE
MEDIUM 6.9 CVE-2026-41581

Frappe Vulnerable to Possible SQL Injection via get_blog_list

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This...

frappe frappe < 15.106.0 CVE
MEDIUM 6.5 CVE-2026-5792

Authentication Bypass in Related Digital’s Related Marketing Cloud (RMC)

Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brut...

Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) CVE