Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-57235

Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice...

Vendor: sparklemotion; Product: nokogiri < 1.19.4; Type: CVE
MEDIUM 6.5 CVE-2026-49319

Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack

Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a rol...

Vendor: Alps Electric Co., Ltd.; Product: Remote Keyless Entry System (RKES) R53R0 R53R0; Type: CVE
MEDIUM 5.3 CVE-2026-13225

Stored XSS in ticket confirmation page

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page fo...

Vendor: pretix; Product: pretix; Type: CVE
MEDIUM 6.3 CVE-2026-13223

Insufficient validation of payment status in pretix-computop

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successfu...

Vendor: pretix; Product: pretix-computop; Type: CVE
MEDIUM 6.3 CVE-2026-13222

Insufficient validation of payment status in pretix-oppwa

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful p...

Vendor: pretix; Product: pretix-oppwa; Type: CVE
MEDIUM 6.9 CVE-2026-9718

CVE-2026-9718

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting sys...

Vendor: Schneider Electric; Product: PowerLogic™ P7 Version V02.003.001.000 and prior; Type: CVE
MEDIUM 6.7 CVE-2026-9651

CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potenti...

Vendor: Schneider Electric; Product: EasyLogic T150 (formerly Saitel DR) Remote Terminal Unit & Controller Version 11.06.31 and prior; Type: CVE
MEDIUM 4 CVE-2026-57455

Vim: Stack out-of-bounds write in `spell_soundfold_sofo()` via an over-length `soundfold()` argument

Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a wo...

Vendor: vim; Product: vim < 9.2.0698; Type: CVE
MEDIUM 6.8 CVE-2026-57454

Vim: Out-of-bounds Read with Text Properties

Vim is an open source, command line text editor. From 9.2.0320 until 9.2.0679, a crafted undo or swap file can store a virtual-text property whose ...

Vendor: vim; Product: vim >= 9.2.0320, < 9.2.0679; Type: CVE
MEDIUM 6.5 CVE-2026-57453

Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction

Vim is an open source, command line text editor. From 9.1.1784 until 9.2.0678, when the bundled zip plugin autoload/zip.vim falls back to PowerShel...

Vendor: vim; Product: vim >= 9.1.1784, < 9.2.0678; Type: CVE