MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.6	CVE-2026-50705	Frappe Framework 17.0.0-dev – Stored XSS in Form Dashboard headline rendering_CVE-2026-50705 A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the F...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.6	CVE-2026-50704	Frappe Framework 17.0.0-dev – Reflected/Stored XSS in File View breadcrumbs rendering_CVE-2026-50704 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-50703	Frappe Framework 17.0.0-dev – Stored XSS in Desktop Icon label rendering_CVE-2026-50703 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 5.1	CVE-2026-50701	Frappe Framework 17.0.0-dev – Reflected DOM XSS in dashboard-view breadcrumb rendering_CVE-2026-50701 A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlle...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 4.6	CVE-2026-50700	Frappe Framework 17.0.0-dev – Stored XSS in frappe.get_avatar image rendering_CVE-2026-50700 A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled i...	Frappe	Frappe Framework 17.0.0-dev	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-10531	AI Share & Summarize < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute_CVE-2026-10531 The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a pa...	Unknown	AI Share & Summarize	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-56761	hono – HTML Injection via Improper JSX Attribute Name Handling in SSR_CVE-2026-56761 hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using ...	hono	hono	Jun 24, 2026	CVE
MEDIUM 4.8	CVE-2026-56370	ImageMagick – Out-of-bounds Access in ConnectedComponentsImage via connected-components Artifact_CVE-2026-56370 ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artif...	ImageMagick	ImageMagick	Jun 24, 2026	CVE
MEDIUM 6.3	CVE-2026-56368	ImageMagick – Memory Leak in Raw Pixel Data Coders_CVE-2026-56368 ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not prope...	ImageMagick	ImageMagick	Jun 24, 2026	CVE
MEDIUM 5.1	CVE-2026-56358	n8n – Stored Cross-Site Scripting in Form Trigger Node_CVE-2026-56358 n8n before 1.123.25 (1.x) and before 2.11.2 (2.x), with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in th...	n8n	n8n	Jun 24, 2026	CVE