MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.7	MS:CVE-2026-12463	CVE-2026-12463 Inappropriate implementation in Views_MS:CVE-2026-12463 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.5	MS:CVE-2026-12444	CVE-2026-12444 Out of bounds read in Chromoting_MS:CVE-2026-12444 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 6.5	MS:CVE-2026-12461	CVE-2026-12461 Out of bounds read in WebRTC_MS:CVE-2026-12461 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.3	CVE-2026-49345	Mercator CVE Configuration Vulnerable to Server-Side Request Forgery (SSRF)_CVE-2026-49345 Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forge...	sourcentis	mercator < 2025.05.19	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-49342	YARD static cache reads raw traversal paths before router sanitization_CVE-2026-49342 YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path...	lsegal	yard < 0.9.44	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-49337	libde265 has an unbounded memory leak via orphaned slice headers in `read_slice_NAL`_CVE-2026-49337 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_...	strukturag	libde265 < 1.0.20	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-48129	Kestra task inputFiles accepts traversal filenames for worker file writes_CVE-2026-48129 Kestra is an open-source, event-driven orchestration platform. Prior to versions 1.3.19, 1.2.19, 1.1.19, and 1.0.43, Kestra task `inputFiles` write...	kestra-io	kestra < 1.0.43	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-50519	Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability_CVE-2026-50519 {“lastseen”:””,”description”:””,”published”:”2026-06-19T20:28:35.395Z”,&#82...	Microsoft	GitHub Copilot Chat 1.0.0	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-42895	Microsoft Copilot Tampering Vulnerability_CVE-2026-42895 {“lastseen”:””,”description”:””,”published”:”2026-06-19T20:27:46.785Z”,&#82...	Microsoft	Microsoft 365 Copilot -	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-49359	PhpWeasyPrint vulnerable to SSRF and local file disclosure via the attachment option_CVE-2026-49359 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `pontedilana/php-weasyprint` fetches the...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE