MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-2470	Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'_CVE-2026-2470 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, an...	softaculous	Page Builder: Pagelayer – Drag and Drop website builder	Jun 13, 2026	CVE
MEDIUM 6.9	MS:CVE-2026-52859	Vim: Out-of-bounds Read in Terminal Screen Snapshot_MS:CVE-2026-52859 {“lastseen”:”2026-06-13T07:22:04″,”description”:””,”published”:”2026-06-13T08:01:...	N/A	N/A	Jun 13, 2026	MSCVE
MEDIUM 5.1	MS:CVE-2026-47167	Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex_MS:CVE-2026-47167 {“lastseen”:”2026-06-13T07:22:04″,”description”:””,”published”:”2026-06-13T08:01:...	N/A	N/A	Jun 13, 2026	MSCVE
MEDIUM 5.4	6DC85E25-562C-	Exploit for Cross-Site Request Forgery (CSRF) in Jupyter Jupyterhub_6DC85E25-562C-5013-9637-8ECC82BB80F9 CVE-2026-40864 — JupyterHub XSRF bypass via cross-origin form POST Sec-Fetch-Mode: no-cors Severity: Moderate CWE: CWE-352 — Cross-Site Request For...	N/A	N/A	Jun 13, 2026	GITHUBEXPLOIT
MEDIUM 6.4	CVE-2026-11769	Operator – Namespaced User Path Traversal_CVE-2026-11769 We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escala...	Grafana	Grafana Operator	Jun 13, 2026	CVE
MEDIUM 5.5	CVE-2026-54231	Abrt: unsanitized systemd journal content written to dump directory files enables content injection_CVE-2026-54231 A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journa...	Red Hat	Red Hat Enterprise Linux 6	Jun 13, 2026	CVE
MEDIUM 4.9	CVE-2026-12089	WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read_CVE-2026-12089 The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and includin...	aurelienlws	LWS Optimize – All-in-One Speed Booster & Cache Tools	Jun 13, 2026	CVE
MEDIUM 5.3	CVE-2026-53867	Capgo < 12.128.2 - Orphaned File Retention via Profile Image Replacement_CVE-2026-53867 Capgo before 12.128.2 fails to delete previously uploaded profile images from backend storage when users replace or remove them. Attackers can acce...	Cap-go	capgo	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-53839	OpenClaw < 2026.5.7 - Hostname Prefix Matching Bypass in Trusted Retry Endpoint Validation_CVE-2026-53839 OpenClaw before 2026.5.7 contains a hostname validation vulnerability in retry endpoint checks that allows matching hostname prefixes instead of ex...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-53838	OpenClaw < 2026.5.27 - Node Pairing State Mutation via Reconnection_CVE-2026-53838 OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approval scope d...	OpenClaw	OpenClaw	Jun 12, 2026	CVE