Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-35049

wire-ios has Persistent Remote DoS via Integer Underflow

wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external m...

wireapp wire-ios < 4.16.0 CVE
MEDIUM 6.4 CVE-2026-34993

AIOHTTP Vulnerable to Deserialization of Untrusted Data

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted ...

aio-libs aiohttp < 3.14.0 CVE
MEDIUM 6.9 CVE-2026-10617

nextlevelbuilder GoClaw Webhook Verification auth.go resolveAuth missing authentication

A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http...

nextlevelbuilder GoClaw 3.11.0 CVE
MEDIUM 5.3 CVE-2026-10616

nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization

A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the f...

nextlevelbuilder GoClaw 3.11.0 CVE
MEDIUM 6.9 CVE-2026-10608

DedeCMS carbuyaction.php RemoveXSS sql injection

A security flaw has been discovered in DedeCMS 5.7.88. This affects the function RemoveXSS of the file /plus/carbuyaction.php. The manipulation of ...

n/a DedeCMS 5.7.88 CVE
MEDIUM 6.9 CVE-2026-10607

DedeCMS flink.php dede_htmlspecialchars sql injection

A vulnerability was identified in DedeCMS 5.7.88. The impacted element is the function dede_htmlspecialchars of the file /plus/flink.php. The manip...

n/a DedeCMS 5.7.88 CVE
MEDIUM 5.9 CVE-2026-10584

HTTPS Fallback to HTTP in Graph Explorer

Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain...

AWS Graph Explorer 1.1.0 CVE
MEDIUM 5.9 CVE-2026-49267

Apache Airflow: No certificate validation on SMTP STARTTLS connections

Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote ...

Apache Software Foundation Apache Airflow 2.0.0 CVE
MEDIUM 6.5 CVE-2026-48726

Apache Airflow: revoke_token() unreachable in FabAuthManager / KeycloakAuthManager logout path

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout ...

Apache Software Foundation Apache Airflow CVE
MEDIUM 4.3 CVE-2026-46764

Apache Airflow: Event Log detail endpoint bypasses DAG-scoped event log permission filter

The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the...

Apache Software Foundation Apache Airflow CVE