MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-10720	MicroCeph path traversal issue in the remote-import API_CVE-2026-10720 Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trus...	Canonical	Microceph 19.2.1+snap74c0060321	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-10034	WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpoint (process_now/is_ajax Parameters)_CVE-2026-10034 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to t...	legalweb	WP DSGVO Tools (GDPR)	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-6798	2Download Connector for 2DL Hosted Checkout <= 0.1.5 - Missing Authorization to Unauthenticated Sensitive Customer Subscription Data Exposure via 'ToDownload_email' Parameter_CVE-2026-6798 The 2Download Connector for 2DL Hosted Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 0.1...	2download	2Download Connector for 2DL Hosted Checkout	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-3640	STRABL <= 4.5 - Unauthenticated Arbitrary Webhook Creation via REST API Endpoint_CVE-2026-3640 The STRABL – A checkout solution plugin for WordPress is vulnerable to Missing Authentication in all versions up to and including 4.5. The plugin r...	strablengineering	STRABL – A checkout solution	Jun 19, 2026	CVE
MEDIUM 5.6	CVE-2026-8296	CVE-2026-8296_CVE-2026-8296 In affected versions of Octopus Server with certain access levels it was possible to embed a Cross-Site Scripting Payload via artifacts.	Octopus Deploy	Octopus Server 2023.0.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-56138	Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files_CVE-2026-56138 AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and ...	ail-project	ail-framework	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-12706	Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder decode_move()_CVE-2026-12706 A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed ...	Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	Jun 19, 2026	CVE
MEDIUM 5.6	CVE-2026-11941	Use-after-free in connection ID iterator and FFI functions_CVE-2026-11941 Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_n...	Cloudflare	Quiche 0.20.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-49872	Apache APISIX: Improper authentication in cas-auth plugin_CVE-2026-49872 Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself ...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-49230	Apache APISIX: Authentication bypass in jwe-decrypt_CVE-2026-49230 Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to a...	Apache Software Foundation	Apache APISIX 3.8.0	Jun 19, 2026	CVE