Recent Advisories

Severity | ID | Title | Vendor | Product | Date | Type
MEDIUM 5.3 | CVE-2026-41001
Predictable Temp Directory in Artemis Auto-configuration
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explic...
Spring | Spring Boot 4.0.0 | CVE

MEDIUM 5.3 | CVE-2026-40997
SOAP security faults leak Spring Security account state
Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to re...
Spring | Spring Web Services 5.0.0 | CVE

MEDIUM 4.8 | CVE-2026-40996
Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inb...
Spring | Spring Web Services 5.0.0 | CVE

MEDIUM 5.4 | CVE-2026-40995
X.509 authentication bypasses Spring Security account checks
X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without ap...
Spring | Spring Web Services 5.0.0 | CVE

MEDIUM 5 | CVE-2026-40992
Mail Auto-Configuration Does Not Enable SSL Hostname Verification
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.m...
Spring | Spring Boot 4.0.0 | CVE

MEDIUM 4.8 | CVE-2026-40986
Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML
Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can res...
Spring | Spring Web Flow 4.0.0 | CVE

MEDIUM 6.4 | CVE-2026-40985
Data Binding Vulnerability in Spring Web Flow with Unified EL Parser
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring...
Spring | Spring Web Flow 4.0.0 | CVE

MEDIUM 4.7 | CVE-2026-2827
Open User Map PRO <= 1.4.31 - Unauthenticated Stored Cross-Site Scripting via 'oum_location_notification'
The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions u...
100plugins | Open User Map PRO | CVE

MEDIUM 6.2 | CVE-2026-53465
ImageMagick: Heap Buffer Over-Write in SF3 encoder when writing multi-frame image
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, a crafted multi-frame can...
ImageMagick | ImageMagick < 7.1.2-25 | CVE

MEDIUM 4 | CVE-2026-53464
ImageMagick: Memory Leak in wand option parser when providing invalid arguments
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-25, when providing invalid op...
ImageMagick | ImageMagick < 7.1.2-25 | CVE