MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.3	CVE-2026-56769	Huly Platform – Server-Side Request Forgery via /import Endpoint_CVE-2026-56769 Huly Platform before commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that a...	hcengineering	platform	Jun 25, 2026	CVE
MEDIUM 5.8	CVE-2026-54250	K3s: ZIP Archive Path Traversal Vulnerability in etcd Snapshot Decompression_CVE-2026-54250 K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerabilit...	k3s-io	k3s >= 1.35.0-rc1+k3s1, < 1.35.3+k3s1	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-54093	File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames_CVE-2026-54093 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54092	File Browser: DoS Vulnerability on Public Login API_CVE-2026-54092 File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2...	filebrowser	filebrowser < 2.63.6	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-46611	Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack_CVE-2026-46611 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server (glances -s, implemented in glances/ser...	nicolargo	glances < 4.5.5	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2025-60468	CVE-2025-60468_CVE-2025-60468 GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a d...	n/a	n/a n/a	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2025-60473	CVE-2025-60473_CVE-2025-60473 A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attac...	n/a	n/a n/a	Jun 24, 2026	CVE
MEDIUM 5	CVE-2025-60466	CVE-2025-60466_CVE-2025-60466 A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cau...	n/a	n/a n/a	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-10824	Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion_CVE-2026-10824 The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthent...	Unknown	Masteriyo LMS	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-40211	Denial of service via crafted DoH3 queries_CVE-2026-40211 An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer wil...	PowerDNS	DNSdist 1.9.0	Jun 25, 2026	CVE