MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-54411	CVE-2026-54411_CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in module...	Linux-PAM	Linux-PAM	Jun 14, 2026	CVE
MEDIUM 6.8	CVE-2026-54421	CVE-2026-54421_CVE-2026-54421 In OpenStack Ironic through 35.0.1, when applying a PATCH to update fields in volume properties the user is authorized for, Ironic can return unred...	OpenStack	Ironic	Jun 14, 2026	CVE
MEDIUM 5.3	1875515F-1163-	Exploit for Unchecked Input for Loop Condition in Isc Bind_1875515F-1163-510B-A697-82A204A481CB CVE-2026-5950 - BIND 9 Resolver DoS Research notes and defensive guidance for CVE-2026-5950, an unbounded resend loop vulnerability in the BIND 9 r...	N/A	N/A	Jun 14, 2026	GITHUBEXPLOIT
MEDIUM 5.1	CVE-2026-12175	CodeAstro Student Attendance Management System createStudents.php sql injection_CVE-2026-12175 A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Adm...	CodeAstro	Student Attendance Management System 1.0	Jun 13, 2026	CVE
MEDIUM 5.3	CVE-2026-12176	SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting_CVE-2026-12176 A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown ...	SourceCodester	CET Automated Grading System with AI Predictive Analytics 1.0	Jun 13, 2026	CVE
MEDIUM 5.6	CVE-2026-6428	CVE-2026-6428_CVE-2026-6428 SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x bef...	Koha Community	Koha	Jun 13, 2026	CVE
MEDIUM 4.3	CVE-2026-1291	Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation_CVE-2026-1291 The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint...	tigroumeow	Meow Gallery	Jun 13, 2026	CVE
MEDIUM 6.4	CVE-2026-9134	Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter_CVE-2026-9134 The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up ...	fooplugins	Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel	Jun 13, 2026	CVE
MEDIUM 6.4	CVE-2026-9629	Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute_CVE-2026-9629 The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 du...	codesupplyco	Canvas	Jun 13, 2026	CVE
MEDIUM 6.4	CVE-2026-3297	Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block_CVE-2026-3297 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block ...	softaculous	Page Builder: Pagelayer – Drag and Drop website builder	Jun 13, 2026	CVE