MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	CVE-2026-9775	ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability_CVE-2026-9775 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary fil...	ATEN	Unizon 2.7.262.002	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-9774	ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability_CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary...	ATEN	Unizon 2.7.262.002	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-55455	Appsmith: SSRF in REST API / GraphQL datasource plugins via insufficient host denylist_CVE-2026-55455 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils...	appsmithorg	appsmith < 2.1	Jun 24, 2026	CVE
MEDIUM 5.9	CVE-2026-54068	SiYuan: Unauthenticated SQLite Data Exfiltration via Template Injection in /api/icon/getDynamicIcon_CVE-2026-54068 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the /api/icon/getDynamicIcon endpoint is explicitly excluded from au...	siyuan-note	siyuan < 3.7.0	Jun 24, 2026	CVE
MEDIUM 6.1	CVE-2026-53766	chrome-devtools-mcp: validatePath() does not canonicalize symlinks before enforcing roots_CVE-2026-53766 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpCont...	ChromeDevTools	chrome-devtools-mcp >= 0.24.0, < 1.1.0	Jun 24, 2026	CVE
MEDIUM 6.1	CVE-2026-53765	chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory_CVE-2026-53765 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chr...	ChromeDevTools	chrome-devtools-mcp >= 0.20.0, < 1.1.0	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-10642	Unbounded TX busy-loop DoS in Zephyr PL011 UART driver under CTS hardware flow control_CVE-2026-10642 The Zephyr PL011 UART driver (drivers/serial/uart_pl011.c) contains an unbounded software loop in pl011_irq_tx_enable() that repeatedly invokes the...	zephyrproject	zephyr 4.1.0	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-53949	Ghost Content API filter bypass reveals private fields_CVE-2026-53949 Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be part...	TryGhost	Ghost >= 5.46.1, < 6.21.2	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-53948	Ghost: File Upload Content-Type Spoofing_CVE-2026-53948 Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admi...	TryGhost	Ghost >= 6.19.4, < 6.21.1	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-53947	Ghost: Member existence leak via magic link sign-in response_CVE-2026-53947 Ghost is a Node.js content management system. From 5.18.0 until 6.21.1, a discrepancy in responses from the members signin endpoints made it possib...	TryGhost	Ghost >= 5.18.0, < 6.21.1	Jun 24, 2026	CVE