MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-56138	Authenticated Path Traversal in AIL framework /objects/item/diff Allows Reading Gzip-Compressed Files_CVE-2026-56138 AIL framework contains a path traversal vulnerability in the /objects/item/diff endpoint. The endpoint accepts item identifiers through the s1 and ...	ail-project	ail-framework	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-12706	Ffmpeg: ffmpeg: heap use-after-free read in rasc decoder decode_move()_CVE-2026-12706 A use-after-free vulnerability was found in FFmpeg's RASC video decoder. The decode_move() function initializes a read pointer into a decompressed ...	Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	Jun 19, 2026	CVE
MEDIUM 5.6	CVE-2026-11941	Use-after-free in connection ID iterator and FFI functions_CVE-2026-11941 Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_n...	Cloudflare	Quiche 0.20.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-49872	Apache APISIX: Improper authentication in cas-auth plugin_CVE-2026-49872 Improper Authentication vulnerability in Apache APISIX. When the cas-auth plugin is used in a route, an attacker can possibly authenticate itself ...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-49230	Apache APISIX: Authentication bypass in jwe-decrypt_CVE-2026-49230 Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to a...	Apache Software Foundation	Apache APISIX 3.8.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-48141	Memory leak in NI grpc-device BeginSidebandStream_CVE-2026-48141 There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-d...	NI	grpc-device	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-48140	Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream_CVE-2026-48140 There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and u...	NI	grpc-device	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-47341	Apache APISIX: Session replay issue in hmac-auth_CVE-2026-47341 Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a ...	Apache Software Foundation	Apache APISIX 3.11.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-47339	Apache APISIX: authz-casdoor incorrect session sharing_CVE-2026-47339 Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenti...	Apache Software Foundation	Apache APISIX 2.14.1	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-44087	Apache APISIX: Openid-connect plugin Identity Header Spoofing_CVE-2026-44087 Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack...	Apache Software Foundation	Apache APISIX 2.3	Jun 19, 2026	CVE