Recent Advisories

Fields per entry: Severity / Score / ID, Title, Summary, Vendor, Product, Versions, Type

MEDIUM 5.3 CVE-2025-64636
  Title: WordPress Donation Thermometer plugin <= 2.2.7 - Broken Access Control vulnerability
  Summary: Unauthenticated Broken Access Control in Donation Thermometer
  Vendor: rhewlif | Product: Donation Thermometer | Versions: n/a | Type: CVE

MEDIUM 4.3 CVE-2025-63079
  Title: WordPress Live Copy Paste for Elementor plugin <= 1.5.3 - Broken Access Control vulnerability
  Summary: Contributor Broken Access Control in Live Copy Paste for Elementor
  Vendor: bdthemes | Product: Live Copy Paste for Elementor | Versions: n/a | Type: CVE

MEDIUM 4.3 CVE-2025-63078
  Title: WordPress Restaurant Menu by MotoPress plugin <= 2.4.11 - Broken Access Control vulnerability
  Summary: Subscriber Broken Access Control in Restaurant Menu by MotoPress
  Vendor: jetmonsters | Product: Restaurant Menu by MotoPress | Versions: n/a | Type: CVE

MEDIUM 5.4 CVE-2025-63041
  Title: WordPress Forget About Shortcode Buttons plugin <= 2.1.3 - Broken Access Control vulnerability
  Summary: Contributor Broken Access Control in Forget About Shortcode Buttons
  Vendor: Code Amp | Product: Forget About Shortcode Buttons | Versions: n/a | Type: CVE

MEDIUM 6.5 CVE-2026-9639
  Title: Authenticated Denial of Service via Malicious Backup Tarball in LXD
  Summary: Nil-pointer dereference in CreateCustomVolumeFromBackup in LXD up to version 6.8 and 5.21 on Linux allows an authenticated user with can_create_sto...
  Vendor: Canonical | Product: LXD | Versions: 5.21.0 | Type: CVE

MEDIUM 5.5 CVE-2026-44018
  Title: Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
  Summary: Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.45.0 until 2....
  Vendor: docling-project | Product: docling | Versions: >= 2.45.0, < 2.91.0 | Type: CVE

MEDIUM 5.4 CVE-2026-56823
  Title: AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering
  Summary: AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /ap...
  Vendor: Significant-Gravitas | Product: AutoGPT | Versions: < 0.6.64 | Type: CVE

MEDIUM 5.3 CVE-2026-55686
  Title: Podman: WORKDIR symlink traversal vulnerability
  Summary: Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains ...
  Vendor: podman-container-tools | Product: podman | Versions: >= 3.0.0, < 5.7.1 | Type: CVE

MEDIUM 6 CVE-2026-48529
  Title: GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion
  Summary: GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessC...
  Vendor: github | Product: github-mcp-server | Versions: >= 0.22.0, < 1.1.2 | Type: CVE

MEDIUM 5 CVE-2026-45407
  Title: Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch
  Summary: Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the defa...
  Vendor: dokku | Product: dokku | Versions: < 0.38.2 | Type: CVE