MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5	CVE-2026-54055	Kitty has an Arbitrary File Write via Symlink Race Condition in File Transmission Protocol_CVE-2026-54055 Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transm...	kovidgoyal	kitty < 0.47.2	Jun 12, 2026	CVE
MEDIUM 6.1	CVE-2026-54397	MISP event editing allows unauthorized assignment to undisclosed sharing groups_CVE-2026-54397 A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form da...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54396	MISP AuthKey edit endpoint allows authenticated user email enumeration_CVE-2026-54396 An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit reques...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54395	MISP UiBeta event index reflected XSS in advanced filter popup_CVE-2026-54395 MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScr...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54394	MISP organisation logo path traversal allows retrieval of arbitrary PNG/SVG files_CVE-2026-54394 MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using ...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.1	CVE-2026-54393	MISP Overmind theme stored XSS via unvalidated homepage setting_CVE-2026-54393 A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-cont...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-54362	MISP template builder exposes non-visible custom galaxies across organisations_CVE-2026-54362 An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not ha...	misp	misp	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-53606	sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes_CVE-2026-53606 ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of...	apostrophecms	sanitize-html < 2.17.5	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-47264	Discourse: Don’t leak restricted tag group names via tag info_CVE-2026-47264 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-47263	Discourse: Prevent webhook payload disclosure on event redelivery_CVE-2026-47263 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.4	Jun 12, 2026	CVE