MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-12529	SourceCodester CET Automated Grading System with AI Predictive Analytics Student Self-Registration Endpoint index.php access control_CVE-2026-12529 A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown ...	SourceCodester	CET Automated Grading System with AI Predictive Analytics 1.0	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-10741	Nexus Repository Manager – Incorrect Authorization allows credential disclosure via proxy repository configuration_CVE-2026-10741 Sonatype Nexus Repository Manager before 3.93.0 contains an authorization vulnerability in the proxy repository configuration that allows a delegat...	Sonatype	Nexus Repository Manager 3.1.0	Jun 17, 2026	CVE
MEDIUM 4.8	CVE-2026-48823	Shaarli has Stored Cross-Site Scripting (XSS) via Tags Search_CVE-2026-48823 Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering...	shaarli	Shaarli < 0.16.2	Jun 17, 2026	CVE
MEDIUM 5.8	CVE-2026-48822	Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links_CVE-2026-48822 Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-H...	shaarli	Shaarli < 0.16.2	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48817	Starlette: Arbitrary HTTP method dispatched to `HTTPEndpoint` attributes via `getattr`_CVE-2026-48817 Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and below, when dispatching a request, HTTPEndpoint selects the handler by low...	Kludex	starlette < 1.1.0	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-32682	NGINX Gateway Fabric vulnerability_CVE-2026-32682 When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources...	F5	NGINX Gateway Fabric 1.3.0	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48988	markdown-it: Quadratic complexity DoS in smartquotes rule via replaceAt string operations_CVE-2026-48988 markdown-it is a Markdown parser. Versions 14.1.1 and below contain a denial-of-service vulnerability when typographer: true is enabled, due to qua...	markdown-it	markdown-it < 14.2.0	Jun 17, 2026	CVE
MEDIUM 5.8	CVE-2026-48821	Shaarli: DOM-based Cross-Site Scripting (XSS) in Thumbnail Synchronizer_CVE-2026-48821 Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail ...	shaarli	Shaarli < 0.16.2	Jun 17, 2026	CVE
MEDIUM 5.5	7C677A10-9FA7-	Exploit for Path Traversal in Microsoft_7C677A10-9FA7-51FB-8E47-4CC7BE2CF1F8 NimbusPwn — networkd-dispatcher 📜 Description A C PoC for NimbusPwn, a local privilege escalation in networkd-dispatcher. An unprivileged user cla...	N/A	N/A	Jun 17, 2026	GITHUBEXPLOIT
MEDIUM 5.9	CVE-2026-9679	undici vulnerable to HTTP header injection via Set-Cookie percent-decoding_CVE-2026-9679 Impact: undici's cookie parser in parseSetCookie percent-decodes cookie values via qsUnescape, turning encoded sequences like %0D%0A, %00, %3B, and...	undici	undici	Jun 17, 2026	CVE