Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.7 CVE-2026-44696

OpenProject: Stored CSS injection via Sanitize::Config::RELAXED[:css] enables phishing overlays and data exfiltration

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text (markdown) rendering pipeline uses Sani...

opf openproject < 17.4.0 CVE
MEDIUM 5.3 CVE-2026-29509

Patool < 4.0.5 Path Traversal via safe_extract() Function

Patool before 4.0.5 contains a path traversal vulnerability in the safe_extract() function in patoolib/programs/py_tarfile.py when running on Pytho...

wummel patool CVE
MEDIUM 5 CVE-2026-48770

Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malfor...

notepad-plus-plus notepad-plus-plus < 8.9.6.1 CVE
MEDIUM 6.5 CVE-2026-53577

Kestra: Cross-Execution File Read via Preview Endpoint (IDOR)

Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tena...

kestra-io kestra < 1.0.45 CVE
MEDIUM 6.5 MS:CVE-2026-13022

Chromium: CVE-2026-13022 Inappropriate implementation in Autofill

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.3 MS:CVE-2026-13021

Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 5.3 MS:CVE-2026-13023

Chromium: CVE-2026-13023 Uninitialized Use in GPU

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.2 MS:CVE-2026-13024

Chromium: CVE-2026-13024 Insufficient validation of untrusted input in Navigation

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.7 MS:CVE-2026-13034

Chromium: CVE-2026-13034 Inappropriate implementation in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 6.3 CVE-2026-55448

mise: Local credential_command executes untrusted config

mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local proj...

jdx mise < 2026.6.4 CVE