MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.6	CVE-2026-53432	Integer Overflow in fzf_CVE-2026-53432 fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and patter...	fzf	fzf	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-4629	Keycloak: keycloak: privilege escalation through hardcoded role mapper injection_CVE-2026-4629 A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded rol...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-14209	Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions_CVE-2026-14209 A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-12388	Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper_CVE-2026-12388 A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services i...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
MEDIUM 5.1	CVE-2026-6954	Multiple vulnerabilities in Intermark IT’s WebControl CMS_CVE-2026-6954 Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or...	Intermark IT	WebControl CMS	Jun 30, 2026	CVE
MEDIUM 5.1	CVE-2026-6953	Multiple vulnerabilities in Intermark IT’s WebControl CMS_CVE-2026-6953 HTML injection vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to send an email containing malicious HTM...	Intermark IT	WebControl CMS	Jun 30, 2026	CVE
MEDIUM 6.4	CVE-2026-12610	Sssd: use-after-free crash in sssd’ ‘sssd_pam’ process_CVE-2026-12610 A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memor...	Red Hat	Red Hat Enterprise Linux 10	Jun 30, 2026	CVE
MEDIUM 4.4	CVE-2026-13316	Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config_CVE-2026-13316 A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF a...	Red Hat	Red Hat Satellite 6	Jun 30, 2026	CVE
MEDIUM 5.3	CVE-2026-12349	Premium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion via 'add_custom_sidebar' and 'remove_custom_sidebar' AJAX actions_CVE-2026-12349 The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and includi...	octagonwebstudio	Premium Addons for KingComposer	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-11367	PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter_CVE-2026-11367 The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the...	andrasweb	PixMagix – WordPress Image Editor	Jun 30, 2026	CVE