MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-47384	NocoDB: SQL Injection via Column Title in Bulk GroupBy_CVE-2026-47384 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated user with column-create permission can inject SQL i...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47381	NocoDB: Cross-Workspace Integration Use in Connection Test_CVE-2026-47381 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a user in one workspace could exercise another workspace's integrati...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-47379	NocoDB: Plaintext Password Comparison in Shared Views_CVE-2026-47379 NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality (===) co...	nocodb	nocodb < 2026.05.1	Jun 23, 2026	CVE
MEDIUM 4.4	CVE-2026-12892	Gstreamer1-plugins-bad: gstreamer1-plugins-bad: 1-byte heap out-of-bounds read in h.264 nal extension slice parser_CVE-2026-12892 A flaw was found in GStreamer's gst-plugins-bad package. When processing a specially crafted H.264 video file containing malformed MVC or SVC exten...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 4.3	CVE-2026-12891	Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser_CVE-2026-12891 A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-11820	Community.general: community.general nexmo — api credentials exposed in get url query string[security] community.general nexmo — api credentials exposed in get url query string_CVE-2026-11820 Module: plugins/modules/nexmo.py CVSS 3.1: 6.5 MEDIUM — AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: api_key and api_secret are declared no_log=Tr...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 5.5	CVE-2026-11819	Community.general: community.general keyring_info — os keyring passphrase returned in plaintext_CVE-2026-11819 Module: plugins/modules/keyring_info.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase fro...	Red Hat	Red Hat Enterprise Linux 10	Jun 23, 2026	CVE
MEDIUM 5.1	CVE-2025-64105	FOSSBilling: IDOR Vulnerability in Support Ticket Creation_CVE-2025-64105 FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions...	FOSSBilling	FOSSBilling >= 0.6.21, < 0.8.0	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-52673	CVE-2026-52673_CVE-2026-52673 SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component	n/a	n/a n/a	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2025-55639	CVE-2025-55639_CVE-2025-55639 GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gf_isom_add_track_kind() function at isomedia/isom_write.c. This vulne...	n/a	n/a n/a	Jun 23, 2026	CVE