MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-13318	Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip_CVE-2026-13318 A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a Virtua...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 4.2	CVE-2026-13218	Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher_CVE-2026-13218 A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.W...	Red Hat	Red Hat OpenShift Virtualization 4	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-13083	Pen-drive: pen-drive: stored xss via unescaped cluster data in html report_CVE-2026-13083 A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An ...	Red Hat	Pen Drive Powered by Red Hat Lightspeed	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-12993	Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset_CVE-2026-12993 A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE dec...	Red Hat	Red Hat build of Apicurio Registry 3	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-6731	X.509 name constraint bypass via Subject CN treated as a DNS name_CVE-2026-6731 X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's D...	wolfSSL	wolfSSL 3.9.10	Jun 25, 2026	CVE
MEDIUM 5.9	CVE-2026-8720	HMAC-BLAKE2 final discards message when key length exceeds block size_CVE-2026-8720 wc_Blake2bHmacFinal and wc_Blake2sHmacFinal discard the message when the key length exceeds the block size, producing a MAC that is independent of ...	wolfSSL	wolfSSL 5.9.0	Jun 25, 2026	CVE
MEDIUM 6.3	CVE-2026-6330	ML-KEM ARM64 NEON ciphertext comparison only compares half of the input_CVE-2026-6330 The ML-KEM ARM64 NEON ciphertext comparison only compares half of the input, breaking the Fujisaki-Okamoto transform's implicit rejection and weake...	wolfSSL	wolfSSL 5.7.4	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-6329	PKCS#12 MAC verification uses attacker-controlled comparison length_CVE-2026-6329 PKCS#12 MAC verification uses an attacker-controlled comparison length, weakening the integrity check on the MAC and allowing a mismatched MAC to b...	wolfSSL	wolfSSL 3.10.0	Jun 25, 2026	CVE
MEDIUM 6	CVE-2026-55962	TLS 1.3 post-handshake authentication: server accepts Finished without client Certificate/CertificateVerify_CVE-2026-55962 TLS 1.3 post-handshake authentication (PHA) issue where a server could accept a client's Finished message without the client having sent a Certific...	wolfSSL	wolfSSL 5.5.4	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-44622	EVoke Systems EVoke CSMS Insufficiently Protected Credentials_CVE-2026-44622 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.	EVoke	EVoke CSMS All versions	Jun 25, 2026	CVE