MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-48141	Memory leak in NI grpc-device BeginSidebandStream_CVE-2026-48141 There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-d...	NI	grpc-device	Jun 19, 2026	CVE
MEDIUM 6.5	CVE-2026-48140	Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream_CVE-2026-48140 There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and u...	NI	grpc-device	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-47341	Apache APISIX: Session replay issue in hmac-auth_CVE-2026-47341 Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a ...	Apache Software Foundation	Apache APISIX 3.11.0	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-47339	Apache APISIX: authz-casdoor incorrect session sharing_CVE-2026-47339 Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenti...	Apache Software Foundation	Apache APISIX 2.14.1	Jun 19, 2026	CVE
MEDIUM 5.3	CVE-2026-44087	Apache APISIX: Openid-connect plugin Identity Header Spoofing_CVE-2026-44087 Insufficient Verification of Data Authenticity vulnerability in Apache APISIX. The openid-connect plugin under default configuration has an attack...	Apache Software Foundation	Apache APISIX 2.3	Jun 19, 2026	CVE
MEDIUM 5.8	CVE-2026-39998	Apache APISIX: Identity Injection via forward-auth Plugin Missing Header Cleanup_CVE-2026-39998 Improper Input Validation vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to spoof...	Apache Software Foundation	Apache APISIX 2.12.0	Jun 19, 2026	CVE
MEDIUM 6.3	CVE-2026-21768	HCL Verse for Android is susceptible to an injection vulnerability_CVE-2026-21768 The compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input...	HCLSoftware	Verse for Android 14.5.10	Jun 19, 2026	CVE
MEDIUM 4.3	A421CF0C-0048-	Exploit for CVE-2026-11784_A421CF0C-0048-58EE-A8C4-F3EBF49171F1 CVE-2026-11784: CSRF to Arbitrary File Overwrite in Optimole WordPress Plugin Summary A Cross-Site Request Forgery CSRF vulnerability in the Optimo...	N/A	N/A	Jun 19, 2026	GITHUBEXPLOIT
MEDIUM 5.3	CVE-2026-8049	CVE-2026-8049_CVE-2026-8049 In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEV...	SignalRGB	SignalRGB kernel driver	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2026-9199	Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter_CVE-2026-9199 The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass i...	equalizedigital	Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance	Jun 18, 2026	CVE