MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-10693	SourceCodester Online Boat Reservation System Administrative Endpoint improper authorization_CVE-2026-10693 A security vulnerability has been detected in SourceCodester Online Boat Reservation System 1.0. Affected by this vulnerability is an unknown funct...	SourceCodester	Online Boat Reservation System 1.0	Jun 3, 2026	CVE
MEDIUM 6.9	CVE-2026-10704	SourceCodester Pizzafy E-Commerce System Administrative Control Panel admin_class_novo.php login sql injection_CVE-2026-10704 A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /adm...	SourceCodester	Pizzafy E-Commerce System 1.0	Jun 3, 2026	CVE
MEDIUM 5.3	CVE-2026-10703	EIPStackGroup OpENer SendRRData cipmessagerouter.c CreateMessageRouterRequestStructure use after free_CVE-2026-10703 A security vulnerability has been detected in EIPStackGroup OpENer up to 2.3.0. Affected is the function CreateMessageRouterRequestStructure of the...	EIPStackGroup	OpENer 2.0	Jun 3, 2026	CVE
MEDIUM 4.6	CVE-2026-10718	Open Seachest/Seachest NVMe Trim (Deallocate) Vulnerability_CVE-2026-10718 Out of bounds write in openSeaChest’s Trim/Unmap operation in Seagate’s openSeaChest v26.03.0 on all supported platforms allows for writing extra m...	N/A	N/A	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-10662	ahujasid blender-mcp ZIP File server.py requests.get server-side request forgery_CVE-2026-10662 A vulnerability was found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The affected element is the function requests.get...	ahujasid	blender-mcp 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b	Jun 2, 2026	CVE
MEDIUM 5.7	CVE-2026-44654	LibreChat: Shared-agent editor can globally delete owner’s file records — breaks owner’s other private agents_CVE-2026-44654 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete...	danny-avila	LibreChat < 0.8.5	Jun 2, 2026	CVE
MEDIUM 6.5	CVE-2026-44653	LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets_CVE-2026-44653 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to...	danny-avila	LibreChat < 0.8.4	Jun 2, 2026	CVE
MEDIUM 4.9	CVE-2026-41412	alf.io vulnerable to Arbitrary File Read and Exfil via simpleHttpClient Extension Script_CVE-2026-41412 alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, the alf.io e...	alfio-event	alf.io < 2.0-M5-2606	Jun 2, 2026	CVE
MEDIUM 5.1	CVE-2026-10688	ahujasid blender-mcp server.py execute_blender_code code injection_CVE-2026-10688 A vulnerability was determined in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. The impacted element is the function execute...	ahujasid	blender-mcp 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b	Jun 2, 2026	CVE
MEDIUM 4.3	CVE-2026-9732	EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update_CVE-2026-9732 The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, an...	planetshaker	EmergencyWP – Dead Man's switch & legacy deliverance	Jun 2, 2026	CVE