Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.9 CVE-2026-9678

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass_CVE-2026-9678

Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded...

undici undici 7.0.0 CVE
MEDIUM 4.8 CVE-2026-48591

Stored XSS via unescaped HTML attribute values in earmark_CVE-2026-48591

Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HT...

pragdave earmark 1.4.1 CVE
MEDIUM 6.1 CVE-2026-30799

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing._CVE-2026-30799

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Identity Spoofing. This issue affec...

RTI Connext Professional 7.4.0 CVE
MEDIUM 6 CVE-2026-2675

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data._CVE-2026-2675

Missing Authentication for Critical Function vulnerability in RTI Connext Professional (Security Plugins) allows Fake the Source of Data. This issue...

RTI Connext Professional 7.4.0 CVE
MEDIUM 4.8 CVE-2026-2674

Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service, Core Libraries, Persistence Service) allows Overflow Buffers._CVE-2026-2674

Out-of-bounds Write, Out-of-bounds Write, Out-of-bounds Write vulnerability in RTI Connext Professional (Queueing Service, Core Libraries, Persistenc...

RTI Connext Professional 7.4.0 CVE
MEDIUM 4.3 CVE-2026-20265

Insecure Default Domain Allowlist in Splunk AI Toolkit_CVE-2026-20265

In Splunk AI Toolkit versions below 5.7.4, a low-privileged user that does not hold the "admin" or "power" Splunk roles could cause the Splunk AI T...

Splunk Splunk AI Toolkit 5.7 CVE
MEDIUM 4.3 CVE-2026-20178

CVE-2026-20178_CVE-2026-20178

A vulnerability in the browser-based version of Cisco Webex App could have allowed an unauthenticated, remote attacker to redirect users to a malic...

Cisco Cisco Webex App N/A CVE
MEDIUM 6.8 CVE-2026-53870

Hermes Agent < 0.16.0 - Sensitive File Permission Vulnerability in Store Files_CVE-2026-53870

Hermes Agent before 0.16.0 creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644), exposing conversa...

NousResearch hermes-agent CVE
MEDIUM 4.3 PACKETSTORM:223717

EspoCRM 9.3.3 Server-Side Request Forgery_PACKETSTORM:223717

This Metasploit module exploits an authenticated server-side request forgery vulnerability in EspoCRM versions up to 9.3.3. The vulnerability exist...

N/A N/A PACKETSTORM
MEDIUM 6.5 5EEAA18E-23B7-

Exploit for Path Traversal in Cisco Catalyst_Sd-Wan_Manager_5EEAA18E-23B7-5627-B8F5-105707CA1640

CVE-2026-20262 - Cisco Catalyst SD-WAN Manager Arbitrary File Write Path Traversal. Description: CVE-2026-20262 is a vulnerability of P...

N/A N/A GITHUBEXPLOIT