MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	CVE-2026-4367	Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing_CVE-2026-4367 A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by p...	Red Hat	Red Hat Enterprise Linux 10	Jun 16, 2026	CVE
MEDIUM 6.8	CVE-2026-48775	LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading_CVE-2026-48775 LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions...	langchain-ai	langgraph < 1.2.2	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47963	DNG SDK \| Out-of-bounds Read (CWE-125)_CVE-2026-47963 DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An a...	Adobe	DNG SDK	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47934	DNG SDK \| Out-of-bounds Read (CWE-125)_CVE-2026-47934 DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An a...	Adobe	DNG SDK	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47927	DNG SDK \| Out-of-bounds Read (CWE-125)_CVE-2026-47927 DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An a...	Adobe	DNG SDK	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47748	stable-diffusion.cpp: Out-of-bounds reads in PyTorch checkpoint pickle opcode parsing_CVE-2026-47748 stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Ve...	leejet	stable-diffusion.cpp < master-584-0a7ae07	Jun 16, 2026	CVE
MEDIUM 5.4	CVE-2026-46448	CVE-2026-46448_CVE-2026-46448 In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.	OpenStack	Nova 18.0.0	Jun 16, 2026	CVE
MEDIUM 5.7	CVE-2026-12425	Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10_CVE-2026-12425 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center all...	PowerSchool	Employee Access Center 23.10	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-53899	Cross-origin cookies could be leaked when opening a PDF link_CVE-2026-53899 Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookie...	Mozilla	Firefox for iOS 152.0	Jun 16, 2026	CVE
MEDIUM 5.4	CVE-2026-12330	Incorrect boundary conditions in the Internationalization component_CVE-2026-12330 Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Th...	Mozilla	Firefox 115.37	Jun 16, 2026	CVE