Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-44645

LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, the renderLimit option can...

harttle liquidjs < 10.26.0 CVE
MEDIUM 6.1 CVE-2026-44644

LiquidJS’s strip_html filter bypass via newline characters in HTML tags enables XSS

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through ...

harttle liquidjs < 10.26.0 CVE
MEDIUM 6.5 CVE-2026-12568

Arbitrary File Write in postman_download module

The postman_download module uses the workspace name field from the Postman API to construct the local directory path without sanitization. If a mal...

Black Lantern Security BBOT 2.1.0 CVE
MEDIUM 5.3 CVE-2026-12565

Path Traversal (Zip-Slip) in unarchive module

The unarchive internal module's archive extraction commands perform no code-level validation on extracted file paths, relying entirely on the behav...

Black Lantern Security BBOT 2.3.1 CVE
MEDIUM 6.9 CVE-2026-12529

SourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access control

A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown ...

SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 CVE
MEDIUM 5.9 CVE-2026-10741

Nexus Repository Manager – Incorrect Authorization allows credential disclosure via proxy repository configuration

Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegat...

Sonatype Nexus Repository Manager 3.1.0 CVE
MEDIUM 4.8 CVE-2026-48823

Shaarli has Stored Cross-Site Scripting (XSS) via Tags Search

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering...

shaarli Shaarli < 0.16.2 CVE
MEDIUM 5.8 CVE-2026-48822

Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-H...

shaarli Shaarli < 0.16.2 CVE
MEDIUM 5.3 CVE-2026-48817

Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by low...

Kludex starlette < 1.1.0 CVE
MEDIUM 6.5 CVE-2026-32682

NGINX Gateway Fabric vulnerability

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources...

F5 NGINX Gateway Fabric 1.3.0 CVE