MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.1	CVE-2026-44663	OpenEXR: Integer overflow in the HTJ2K decoder leads to heap-buffer-overflow_CVE-2026-44663 OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 t...	AcademySoftwareFoundation	openexr >= 3.4.0, < 3.4.11	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-49205	phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)_CVE-2026-49205 phpMyFAQ is an open source FAQ web application. Versions prior to 4.1.4 have Missing Authorization in the API CategoryController. CVE-2026-24421 a...	thorsten	phpMyFAQ < 4.1.4	Jun 18, 2026	CVE
MEDIUM 4.8	CVE-2026-22674	Hashgraph Guardian Stored XSS via branding companyName field_CVE-2026-22674 Hashgraph Guardian through 3.5.0, fixed in commit ba8c566, contains a stored cross-site scripting vulnerability that allows authenticated users wit...	hashgraph	guardian	Jun 18, 2026	CVE
MEDIUM 6.8	CVE-2026-56074	PraisonAI – Tool Approval Cache Bypass via Coarse-Grained Caching_CVE-2026-56074 PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent execute_command calls t...	PraisonAI	PraisonAI	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-52866	Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization_CVE-2026-52866 An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applica...	Apollo Pharmacy	Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-50034	Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information_CVE-2026-50034 An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including gl...	Apollo Pharmacy	Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-12050	pgAdmin 4: SQL injection in named restore point endpoint_CVE-2026-12050 SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was int...	pgadmin.org	pgAdmin 4 1.0	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-12049	pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated ‘next’ parameter_CVE-2026-12049 Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form...	pgadmin.org	pgAdmin 4 6.0	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-11775	User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery_CVE-2026-11775 The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due...	adamsilverstein	User Admin Simplifier	Jun 19, 2026	CVE
MEDIUM 6.9	CVE-2026-56132	CVE-2026-56132_CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled...	libexpat project	libexpat	Jun 19, 2026	CVE