Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-34028

Unauthenticated direct access to web data in Wertheim SafeController Software exposes files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE
MEDIUM 5.3 CVE-2026-34027

Upload restriction bypass in Wertheim SafeController Software allows authenticated users to upload arbitrary files

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE
MEDIUM 5.3 CVE-2026-34025

IP restriction bypass in Wertheim SafeController Software allows logins from unauthorized network locations

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The ap...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE
MEDIUM 5.3 CVE-2026-44188

Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persis...

Red Hat Red Hat Ansible Automation Platform 2.7 1781025813 CVE
MEDIUM 4.4 E2CF04E5-7B2B-56AE-BB11-79D1448AB6ED

Exploit for CVE-2026-48849

CVE-2026-48849 - Stored XSS, HTML Injection & CSS Injection in Roundcube Webmail. Overview: This repository contains a Proof-of-Concept (PoC) for CVE-2...

N/A N/A GITHUBEXPLOIT
MEDIUM 4.8 CVE-2026-12216

svaarala duktape duk_api_bytecode.c memory corruption

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk_api_bytecode.c. Execut...

svaarala duktape 2.99.0 CVE
MEDIUM 5.3 CVE-2026-12213

hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization

A vulnerability was found in hcengineering Huly Platform up to 0.7.0. Affected by this vulnerability is the function getAccountInfo of the file ser...

hcengineering Huly Platform 0.1 CVE
MEDIUM 5.3 CVE-2026-12212

hcengineering Huly Platform RPC operations.ts getMailboxSecret access control

A vulnerability has been found in hcengineering Huly Platform up to 0.7.0. Affected is the function getMailboxSecret of the file server/account/src...

hcengineering Huly Platform 0.1 CVE
MEDIUM 5.1 CVE-2026-12223

Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function mod_webd.TFTPUploadIperf of the fil...

Yealink SIP-T46U 108.86.0.118 CVE
MEDIUM 5.3 CVE-2026-12219

Yealink SIP-T46U Web FastCGI Service start mod_diagnose.CommandShellByType command injection

A flaw has been found in Yealink SIP-T46U 108.86.0.118. The impacted element is the function mod_diagnose.CommandShellByType of the file /api/diagn...

Yealink SIP-T46U 108.86.0.118 CVE