MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.8	CVE-2026-47770	jq: stack overflow in deep structural equality_CVE-2026-47770 jq is a command-line JSON processor. Prior to 1.8.2, comparing two sufficiently deeply nested arrays with the == operator exhausts the C stack on j...	jqlang	jq < 1.8.2	Jun 25, 2026	CVE
MEDIUM 4.8	CVE-2026-56788	RTKLIB 2.4.3 – Out-of-bounds Read via Negative Array Index in getcodepri_CVE-2026-56788 RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allo...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-56787	RTKLIB 2.4.3 – Off-by-One Out-of-Bounds Read in decode_ssr3 via RTCM3 SSR Message_CVE-2026-56787 RTKLIB through 2.4.3 contains an off-by-one out-of-bounds read vulnerability in the decode_ssr3 function at src/rtcm3.c:1446 that allows remote att...	tomojitakasu	RTKLIB	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-56779	MaxKB < 2.10.0 - Server-Side Request Forgery via downloadCallbackUrl and download_url Parameters_CVE-2026-56779 MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to m...	1Panel-dev	MaxKB	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-56774	Kanboard – Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID_CVE-2026-56774 Kanboard through 1.2.52, fixed in commit 928c68a, UserViewController::removeSession fails to validate the session id parameter before passing it to...	kanboard	kanboard	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-56772	NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint_CVE-2026-56772 NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplyi...	samuelclay	NewsBlur	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-56771	NewsBlur < 14.5.0 - Server-Side Request Forgery via add_url Endpoint_CVE-2026-56771 NewsBlur before version 14.5.0 contains a server-side request forgery vulnerability in the add_url endpoint that allows authenticated users to make...	samuelclay	NewsBlur	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-56769	Huly Platform – Server-Side Request Forgery via /import Endpoint_CVE-2026-56769 Huly Platform before commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that a...	hcengineering	platform	Jun 25, 2026	CVE
MEDIUM 5.8	CVE-2026-54250	K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression_CVE-2026-54250 K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerabilit...	k3s-io	k3s >= 1.35.0-rc1+k3s1, < 1.35.3+k3s1	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-54093	File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames_CVE-2026-54093 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE