MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.7	CVE-2026-50267	Steeltoe: TLS private keys written to /tmp with default permissions, never deleted_CVE-2026-50267 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat...	SteeltoeOSS	Steeltoe.Configuration.Abstractions >= 4.0.0, < 4.2.0	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-50202	Steeltoe’s static JWKS cache shared across schemes and never invalidated_CVE-2026-50202 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.A...	SteeltoeOSS	Steeltoe.Security.Authentication.CloudFoundryBase < 3.4.0	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-50201	Steeltoe’s sensitive actuators (heapdump/env) only require Restricted permission_CVE-2026-50201 Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management...	SteeltoeOSS	Steeltoe.Management.Endpoint < 4.2.0	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-44646	LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`_CVE-2026-44646 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn() creates a ...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-44645	LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body_CVE-2026-44645 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
MEDIUM 6.1	CVE-2026-44644	LiquidJS’s strip_html filter bypass via newline characters in HTML tags enables XSS_CVE-2026-44644 LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through ...	harttle	liquidjs < 10.26.0	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-12568	Arbitrary File Write in postman_download module_CVE-2026-12568 The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a mal...	Black Lantern Security	BBOT 2.1.0	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-12565	Path Traversal (Zip-Slip) in unarchive module_CVE-2026-12565 The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behav...	Black Lantern Security	BBOT 2.3.1	Jun 17, 2026	CVE
MEDIUM 6.9	CVE-2026-12529	SourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access control_CVE-2026-12529 A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown ...	SourceCodester	CET Automated Grading System with AI Predictive Analytics 1.0	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-10741	Nexus Repository Manager – Incorrect Authorization allows credential disclosure via proxy repository configuration_CVE-2026-10741 Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegat...	Sonatype	Nexus Repository Manager 3.1.0	Jun 17, 2026	CVE