MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-57953	Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint_CVE-2026-57953 Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write ...	its-a-feature	Mythic	Jun 29, 2026	CVE
MEDIUM 6	CVE-2026-57952	Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID_CVE-2026-57952 Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_ru...	its-a-feature	Mythic	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57947	Pinpoint – Server-Side Request Forgery via Alarm Webhook Registration_CVE-2026-57947 Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to...	pinpoint-apm	pinpoint	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57946	Invidious – Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint_CVE-2026-57946 Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private play...	iv-org	Invidious	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-57945	PhotoPrism – Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint_CVE-2026-57945 PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' ...	photoprism	photoprism	Jun 29, 2026	CVE
MEDIUM 6	CVE-2026-57943	LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint_CVE-2026-57943 LibrePhotos before 1.0.0 contains a broken object level authorization vulnerability in the SetPhotosShared endpoint that allows authenticated users...	LibrePhotos	librephotos	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-57942	LibreTranslate – IP Spoofing via X-Forwarded-For Header_CVE-2026-57942 LibreTranslate through 1.9.7, fixed in commit 397fd22, contains an IP spoofing vulnerability in the get_remote_address() function that allows unaut...	LibreTranslate	LibreTranslate	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-56781	Teable – Unauthenticated Hidden Field Disclosure via Projection Parameter Override_CVE-2026-56781 Teable before 2026-06-15T04-43-24Z.1912 contains an improper access control vulnerability that allows anonymous attackers to access hidden field da...	teableio	teable	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-13592	liftoff-sr CIPster EtherNet IP Message append out-of-bounds write_CVE-2026-13592 A vulnerability was detected in liftoff-sr CIPster up to e8e9dba09bf56962807d3504b783ccdb6287f3e4. Affected by this issue is the function BufWriter...	liftoff-sr	CIPster e8e9dba09bf56962807d3504b783ccdb6287f3e4	Jun 29, 2026	CVE
MEDIUM 6.8	CVE-2026-9105	Authenticated Stack-Based Buffer Overflow in TP-Link TL-WR841N Web Interface_CVE-2026-9105 An authenticated stack-based buffer overflow vulnerability exists in the web management interface of TP-Link TL-WR841N v14. A remote authenticated...	TP-Link Systems Inc.	TL-WR841N v14	Jun 29, 2026	CVE