MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-47693	Poweradmin: CSV Injection in log export endpoints allows formula execution in spreadsheet applications_CVE-2026-47693 Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula I...	poweradmin	poweradmin < 4.2.4	Jun 23, 2026	CVE
MEDIUM 4.9	CVE-2026-12164	Privilege Escalation in Fortra File Integrity Monitoring (FIM)_CVE-2026-12164 Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permission...	Fortra	File Integrity Monitoring (FIM)	Jun 23, 2026	CVE
MEDIUM 5.5	CVE-2026-12163	Stored XSS in Fortra File Integrity Monitoring (FIM)_CVE-2026-12163 Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnera...	Fortra	Fortra File Integrity Monitoring (FIM)	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-55736	Private action arguments can be set by user input in Ash_CVE-2026-55736 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a...	ash-project	ash 3.0.0	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-55249	@rtk-ai/rtk-rewrite: OpenClaw Rewrite Plugin Command Injection via execSync Template String_CVE-2026-55249 @rtk-ai/rtk-rewrite transparently rewrites shell commands executed via OpenClaw's exec tool to their RTK equivalents. In 1.0.0, the @rtk-ai/rtk-rew...	rtk-ai	rtk 1.0.0	Jun 23, 2026	CVE
MEDIUM 4.2	CVE-2026-54319	Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape_CVE-2026-54319 Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.186, a sandbox volume refere...	daytonaio	daytona < 0.186	Jun 23, 2026	CVE
MEDIUM 5.9	CVE-2026-54762	Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails_CVE-2026-54762 Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes I...	traefik	traefik >= 3.7.0-ea.1, < 3.7.5	Jun 23, 2026	CVE
MEDIUM 6	CVE-2026-54761	Traefik: Kubernetes Gateway crossProviderNamespaces bypass allows HTTPRoute outside the allowlist to expose internal Traefik services_CVE-2026-54761 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.21 and 3.7.5, there is a high severity vulnerability in Traefik's Kubernetes Gatew...	traefik	traefik < 3.6.21	Jun 23, 2026	CVE
MEDIUM 4.4	CVE-2026-54325	Pi loads project-local extensions without approval_CVE-2026-54325 Pi is a minimal terminal coding harness. Pi before 0.79.0 loaded project-local configuration and resources from a repository's .pi directory withou...	earendil-works	pi < 0.79.0	Jun 23, 2026	CVE
MEDIUM 6.9	CVE-2026-45792	RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM_CVE-2026-45792 rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-l...	rtk-ai	rtk < 0.32.0	Jun 23, 2026	CVE