Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-50128

Mastodon: Spoofing of attribution domains

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websi...

mastodon mastodon >= 4.5.0-beta.1, < 4.5.11 CVE
MEDIUM 4.9 CVE-2025-64719

Gogs: Denial of Service in repository/wiki file listing web pages

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can...

gogs gogs < 0.14.3 CVE
MEDIUM 6.8 CVE-2026-52809

Gogs: Password-reset tokens use account-activation lifetime, ignoring RESET_PASSWORD_CODE_LIVES

Gogs is an open source self-hosted Git service. Prior to 0.14.3, password-reset tokens are generated using conf.Auth.ActivateCodeLives (the account...

gogs gogs < 0.14.3 CVE
MEDIUM 6.7 CVE-2026-49278

Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...

RocketChat Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 CVE
MEDIUM 4.4 CVE-2026-47733

Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown...

RocketChat Rocket.Chat < 8.5.0 CVE
MEDIUM 5.5 CVE-2026-32315

motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye (mEye) is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create th...

motioneye-project motioneye < 0.44.0 CVE
MEDIUM 6.5 CVE-2026-31978

motionEye: Arbitrary File Read via Path Traversal in Picture/Movie Preview Endpoint

motionEye (mEye) is an online interface for motion software, which is a video surveillance program with motion detection. Versions prior to 0.44.0 ...

motioneye-project motioneye < 0.44.0 CVE
MEDIUM 6.5 CVE-2026-13208

Kubevirt: virt-handler-rhel9: kubevirt: virt-handler notify server trusts vmi identity from unauthenticated grpc request body

A flaw was found in KubeVirt's virt-handler domain notify server. The gRPC handlers for HandleDomainEvent and HandleK8SEvent derive the VMI identit...

Red Hat Red Hat OpenShift Virtualization 4 CVE
MEDIUM 5.2 CVE-2026-13201

Kubevirt: virt-handler-rhel9: kubevirt: safepath openatnofollow symlink following via /proc/self/fd allows host file metadata modification

A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but...

Red Hat Red Hat OpenShift Virtualization 4 CVE
MEDIUM 5.5 CVE-2026-9775

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary fil...

ATEN Unizon 2.7.262.002 CVE