MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-5149	RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter_CVE-2026-5149 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submiss...	rometheme	RTMKit	Jun 16, 2026	CVE
MEDIUM 6.7	CVE-2026-50255	CVE-2026-50255_CVE-2026-50255 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbi...	Sony Corporation	Optical Disc Archive Software for Windows 5.5.3 and earlier	Jun 16, 2026	CVE
MEDIUM 4.3	CVE-2026-10780	Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute_CVE-2026-10780 The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to t...	mohammadtanzilurrahman	Static Block	Jun 16, 2026	CVE
MEDIUM 6.3	CVE-2026-10635	Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init_CVE-2026-10635 On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_dom...	zephyrproject	zephyr 4.4.0	Jun 16, 2026	CVE
MEDIUM 6.6	CVE-2026-42014	Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin_CVE-2026-42014 A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vu...	Red Hat	Red Hat Enterprise Linux 10 0:3.8.10-4.el10_2	Jun 16, 2026	CVE
MEDIUM 5.6	CVE-2026-1767	Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags_CVE-2026-1767 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker cou...	Red Hat	Red Hat Enterprise Linux 10	Jun 16, 2026	CVE
MEDIUM 5.6	CVE-2026-1766	Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files._CVE-2026-1766 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. Th...	Red Hat	Red Hat Enterprise Linux 10	Jun 16, 2026	CVE
MEDIUM 5.6	CVE-2026-1765	Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potential information disclosure via crafted mp3 files_CVE-2026-1765 A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffe...	Red Hat	Red Hat Enterprise Linux 10	Jun 16, 2026	CVE
MEDIUM 5.6	CVE-2026-1764	Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leads to denial of service or information disclosure when parsing mp3 files_CVE-2026-1764 A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID...	Red Hat	Red Hat Enterprise Linux 10	Jun 16, 2026	CVE
MEDIUM 5.4	MS:CVE-2026-11666	Chromium: CVE-2026-11665 Out of bounds read in Dawn_MS:CVE-2026-11666 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 16, 2026	MSCVE