MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5	CVE-2026-11791	389-ds-base: 389-ds-base: use-after-free in schema reload via attr_syntax_swap_ht()_CVE-2026-11791 A flaw was found in 389 Directory Server. During schema reload, the attr_syntax_swap_ht() function unconditionally frees attribute syntax informati...	Red Hat	Red Hat Directory Server 11	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2025-58175	GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution_CVE-2025-58175 GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.26.4 and 2.27.3, a GeoServer that uses ...	geoserver	org.geoserver.web:gs-web-app < 2.26.4	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-56024	WordPress WP EasyPay plugin <= 4.4.0 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-56024 Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal WP EasyPay allows Cross Site Request Forgery. This issue affects WP EasyPay: from n/...	Saad Iqbal	WP EasyPay n/a	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-56022	Webmin MFA bypass_CVE-2026-56022 Webmin accepts basic authentication without session cookies when an attacker provides the 'User-Agent: webmin' header, allowing bypass of additiona...	Webmin	Webmin	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-56021	Webmin information disclosure via regex pattern_CVE-2026-56021 Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern.	Webmin	Webmin *	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-10023	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers_CVE-2026-10023 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecu...	dokaninc	Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-54386	marimo < 0.23.9 XSS via file Query Parameter in assets.py_CVE-2026-54386 marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject a...	marimo-team	marimo	Jun 17, 2026	CVE
MEDIUM 5.5	CVE-2026-48991	XianYuLauncher: Legacy Microsoft account OAuth sign-in flow lacks PKCE and state validation_CVE-2026-48991 XianYuLauncher is a Minecraft Java Edition launcher. In versions prior to 1.5.5, sensitive authentication artifacts could be exposed during a user-...	XianYuLauncher	XianYuLauncher < 1.5.5	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-48990	joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization_CVE-2026-48990 joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 throu...	authlib	joserfc < 1.6.7	Jun 17, 2026	CVE
MEDIUM 6.3	CVE-2026-48820	CakePHP: View::element() is missing a path containment check_CVE-2026-48820 CakePHP is a rapid development framework for PHP. In versions 4.5.11 and earlier, 4.6.0 through 4.6.3, 5.0.0 through 5.1.6, 5.2.0 through 5.2.12, a...	cakephp	cakephp >= 5.3.0, < 5.3.6	Jun 17, 2026	CVE