MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-49359	PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option_CVE-2026-49359 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-49271	libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder_CVE-2026-49271 libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compress...	strukturag	libheif < 1.22.1	Jun 19, 2026	CVE
MEDIUM 5.5	CVE-2026-49336	@microsoft/kiota-http-fetchlibrary: Bearer token and Cookie leak across origin on redirect due to case-mismatched scrub in fetchRequestAdapter_CVE-2026-49336 @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-previe...	microsoft	kiota-typescript >= 1.0.0-preview.97, < 1.0.0-preview.102	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-49288	Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources_CVE-2026-49288 Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view ...	statamic	cms < 5.73.23	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12238	WP Go Maps <= 10.1.01 - Unauthenticated Arbitrary Record Creation_CVE-2026-12238 The WP Go Maps – Most Popular Map Plugin plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 10.1.01. ...	wpgmaps	WP Go Maps – Google Map, OpenStreetMap, Leaflet Map	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-27878	Tempo TraceQL query with exemplar hint could result in unbounded memory usage_CVE-2026-27878 A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resultin...	Grafana	Enterprise Traces (GET) 2.6.1	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-12726	Awx: automation-controller: awx: github webhook second-order ssrf via unvalidated statuses_url exfiltrates pat credential_CVE-2026-12726 A flaw was found in the AWX GitHub webhook integration. When processing GitHub pull_request webhooks, the controller stores the pull_request.status...	Red Hat	Red Hat Ansible Automation Platform 2	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12622	Open Redirect Vulnerability in Password Reset Submission in GridTime™ 3000 GNSS Time Server_CVE-2026-12622 The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form submission. This issue affects GridTime 3000: fr...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-12621	Cross-Site Scripting (XSS) Vulnerability in Password Reset Redirect in GridTime™ 3000 GNSS Time Server_CVE-2026-12621 Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 (password reset form) allows XSS. This issue a...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE
MEDIUM 4.6	CVE-2026-12620	Access Token Exposure in URL Parameters in GridTime™ 3000 GNSS Time Server_CVE-2026-12620 The GridTime 3000 GNSS Time Server leaks the access token in the URL parameters of some endpoints. This issue affects GridTime 3000: from 1.0r0.03...	Microchip	GridTime 3000 1.0r0.03	Jun 19, 2026	CVE