Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-5038

multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads

Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malf...

multer multer 2.0.0-alpha.1 CVE
MEDIUM 4.8 CVE-2026-10634

Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback

Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAF...

zephyrproject zephyr 2.5.0 CVE
MEDIUM 6.5 CVE-2025-15659

WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting (XSS) in Elizaibots

liseperu Elizaibots n/a CVE
MEDIUM 5.9 CVE-2025-15658

WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability

Administrator Cross Site Scripting (XSS) in WP Emmet

rewish WP Emmet n/a CVE
MEDIUM 5.3 CVE-2026-8385

WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback

The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables ...

Unknown WP Go Maps CVE
MEDIUM 6.3 CVE-2026-6517

Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed

Mattermost Desktop App versions

Mattermost Mattermost CVE
MEDIUM 6.5 CVE-2026-48969

WordPress Really Simple SSL plugin <= 9.5.9 - Broken Access Control vulnerability

Subscriber Broken Access Control in Really Simple SSL

Really Simple Plugins B.V. Really Simple SSL n/a CVE
MEDIUM 6.5 CVE-2025-64215

WordPress MasterStudy LMS Pro plugin < 4.7.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro allows Accessing Functionality Not Properly Constrained by ACLs. This is...

StylemixThemes MasterStudy LMS Pro n/a CVE
MEDIUM 6.9 CVE-2026-34030

Improper branch-code validation in Wertheim SafeController Software allows file path manipulation

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created....

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE
MEDIUM 6.8 CVE-2026-34029

Hard-coded cryptographic key in Wertheim SafeController Software allows decryption of sensitive configuration data

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Sec...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE