MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-48028	Mastodon: Removal of integrity-protected JSON entries from signed activities_CVE-2026-48028 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-46349	Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring_CVE-2026-46349 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-54686	Warp: DCS lifecycle hook spoofing can alter terminal session metadata_CVE-2026-54686 Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutat...	warpdotdev	warp >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-48789	AnythingLLM: Windows path containment bypass in document folder route_CVE-2026-48789 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Win...	Mintplex-Labs	anything-llm < 1.13.0	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-44022	Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands_CVE-2026-44022 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2....	docling-project	docling >= 2.73.0, < 2.91.0	Jun 24, 2026	CVE
MEDIUM 4.2	CVE-2026-57307	CVE-2026-57307_CVE-2026-57307 A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to con...	Jenkins Project	Jenkins Zowe zDevOps Plugin	Jun 24, 2026	CVE
MEDIUM 4.2	CVE-2026-57306	CVE-2026-57306_CVE-2026-57306 A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect t...	Jenkins Project	Jenkins Zowe zDevOps Plugin	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-57305	CVE-2026-57305_CVE-2026-57305 A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Plugin 1.4 and earlier allows attackers to connect to an attacker-specified U...	Jenkins Project	Jenkins Assembla Plugin	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-57304	CVE-2026-57304_CVE-2026-57304 A missing permission check in Jenkins Assembla Plugin 1.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-speci...	Jenkins Project	Jenkins Assembla Plugin	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-57302	CVE-2026-57302_CVE-2026-57302 Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed b...	Jenkins Project	Jenkins FitNesse Plugin 1.36	Jun 24, 2026	CVE