Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-56227

Capgo – Server-Side Request Forgery via Webhook URL Validation

Capgo before 12.128.2 contains a server-side request forgery vulnerability in webhook URL validation that allows loopback and internal addresses. O...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56218

Capgo – EXIF Metadata Exposure via Image Upload

Capgo before 12.128.2 fails to strip EXIF metadata including GPS geolocation data from uploaded images, allowing information disclosure. Attackers ...

Capgo Capgo CVE
MEDIUM 5.1 CVE-2025-71331

Flowise – Cross-Site Scripting in Chat Messages and Agent Workflows

Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent f...

Flowise Flowise CVE
MEDIUM 5.9 CVE-2026-12673

CVE-2026-12673

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secon...

liquidfiles liquidfiles CVE
MEDIUM 6.5 CVE-2026-12119

Simple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute

The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' s...

eemitch Simple File List CVE
MEDIUM 6.9 CVE-2026-56213

Capgo – Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgR...

Capgo Capgo CVE
MEDIUM 5.1 CVE-2026-56212

Capgo – Improper 2FA Enforcement Logic via Team Security Settings

Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable man...

Capgo Capgo CVE
MEDIUM 6.9 CVE-2026-56080

Cap-go – Authentication Logic Flaw in Enforce Password Policy

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their...

Cap-go capgo CVE
MEDIUM 4.3 MS:CVE-2026-12446

CVE-2026-12446 Insufficient data validation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.2 MS:CVE-2026-12453

CVE-2026-12453 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE