Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.6 CVE-2026-6428

CVE-2026-6428

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x bef...

Koha Community Koha CVE
MEDIUM 4.3 CVE-2026-1291

Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation

The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint...

tigroumeow Meow Gallery CVE
MEDIUM 6.4 CVE-2026-9134

Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter

The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up ...

fooplugins Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel CVE
MEDIUM 6.4 CVE-2026-9629

Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute

The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 du...

codesupplyco Canvas CVE
MEDIUM 6.4 CVE-2026-3297

Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block ...

softaculous Page Builder: Pagelayer – Drag and Drop website builder CVE
MEDIUM 4.3 CVE-2026-2470

Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, an...

softaculous Page Builder: Pagelayer – Drag and Drop website builder CVE
MEDIUM 6.9 MS:CVE-2026-52859

Vim: Out-of-bounds Read in Terminal Screen Snapshot

N/A N/A MSCVE
MEDIUM 5.1 MS:CVE-2026-47167

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

N/A N/A MSCVE
MEDIUM 5.4 6DC85E25-562C-

Exploit for Cross-Site Request Forgery (CSRF) in Jupyter Jupyterhub_6DC85E25-562C-5013-9637-8ECC82BB80F9

CVE-2026-40864 — JupyterHub XSRF bypass via cross-origin form POST Sec-Fetch-Mode: no-cors Severity: Moderate CWE: CWE-352 — Cross-Site Request For...

N/A N/A GITHUBEXPLOIT
MEDIUM 6.4 CVE-2026-11769

Operator – Namespaced User Path Traversal

We have released version 5.24.0 of the Grafana Operator. This patch includes a CRITICAL severity security fix for a path traversal/privilege escala...

Grafana Grafana Operator CVE