MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-54314	n8n: Denial of Service via ZIP decompression in webhook workflow_CVE-2026-54314 n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archi...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54313	n8n: NoSQL Injection in MongoDB Node Find And Replace Operation_CVE-2026-54313 n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filte...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 6	CVE-2026-54311	n8n: Merge Node SQL Mode Prototype Pollution_CVE-2026-54311 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
MEDIUM 6.5	CVE-2026-54310	n8n: SQL Injection in Postgres v1/TimesclaeDB Nodes_CVE-2026-54310 n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...	n8n-io	n8n >= 2.26.0, < 2.26.2	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-54303	n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints_CVE-2026-54303 n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query par...	n8n-io	n8n < 2.24.0	Jun 23, 2026	CVE
MEDIUM 5.5	4E361A66-0287-	Exploit for Path Traversal in Microsoft_4E361A66-0287-5D9D-9DA5-91D2EF34D2CB 🛡️ NimbusPWN-CVE-2022-29799-29800 - Test local privilege escalation security flaws 📖 About this tool This software helps security researchers stud...	N/A	N/A	Jun 23, 2026	GITHUBEXPLOIT
MEDIUM 5.4	CVE-2026-8378	Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename_CVE-2026-8378 The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoi...	Unknown	Frontend File Manager Plugin	Jun 23, 2026	CVE
MEDIUM 6.8	CVE-2026-7842	Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter_CVE-2026-7842 The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in...	Unknown	Infility Global	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-56762	Hono – Missing Cookie Name Validation in setCookie()_CVE-2026-56762 Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing inv...	Hono	Hono	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-56376	ImageMagick – Heap Use-After-Free in Meta Coder_CVE-2026-56376 ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written ...	ImageMagick	ImageMagick	Jun 23, 2026	CVE