Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-42547

IRIS Alerts Can be Falsely Attributed to Customers_CVE-2026-42547

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, use...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.3 CVE-2026-42543

IRIS has a Cross-Site Request Forgery (CSRF) issue_CVE-2026-42543

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vul...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 4.3 CVE-2026-42540

IRIS has a Mass Assignment issue_CVE-2026-42540

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 6.5 CVE-2026-42539

IRIS has an Excessive Data Exposure issue_CVE-2026-42539

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return ...

dfir-iris iris-web < 2.4.28 CVE
MEDIUM 6.5 CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks_CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) wer...

RRWO Net::CIDR::Set CVE
MEDIUM 5.3 CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections_CVE-2026-46739

Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generat...

COSIMO Net::Statsd CVE
MEDIUM 6.9 CVE-2026-41207

netty-incubator-codec-ohttp’s HPKEContext operations may produce empty byte[] on failures_CVE-2026-41207

The netty incubator codec.bhttp is a Java-language binary HTTP parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The ...

netty netty-incubator-codec-ohttp < 0.0.21.Final CVE
MEDIUM 5.8 CVE-2026-21404

NAVTOR NavBox Use of Hard-coded Credentials_CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the S...

NAVTOR NavBox CVE
MEDIUM 6.3 CVE-2026-5066

net: sockets: tls: Potential out-of-bounds write/read in socket_op_vtable::connect function_CVE-2026-5066

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c)....

zephyrproject-rtos Zephyr * CVE
MEDIUM 6.3 CVE-2026-42538

IRIS has an Insecure File Upload_CVE-2026-42538

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not ...

dfir-iris iris-web < 2.4.28 CVE