MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-12131	CodeAstro Human Resource Management System Payroll Invoice Payroll.php sql injection_CVE-2026-12131 A weakness has been identified in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function Invoice of the file \appl...	CodeAstro	Human Resource Management System 1.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-9641	Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations_CVE-2026-9641 Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations. The default algorithm is HMAC-SHA1, which ...	ARODLAND	Crypt::PBKDF2	Jun 12, 2026	CVE
MEDIUM 6	CVE-2026-47225	Improper Search Cache Isolation for Scoped Search API Keys in Typesense_CVE-2026-47225 Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that ...	typesense	typesense < 29.1	Jun 12, 2026	CVE
MEDIUM 5.4	CVE-2026-47223	NanaZip: Heap out-of-bounds read in NanaZip AVB hashtree descriptor parser via 32-bit unsigned integer overflow_CVE-2026-47223 NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap out-of-bou...	M2Team	NanaZip >= 3.0.1000.0, < 6.0.1698.0	Jun 12, 2026	CVE
MEDIUM 5	CVE-2026-44173	MariaDB: FILE privilege was not checked for subqueries in the FROM clause_CVE-2026-44173 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before ...	MariaDB	server >= 10.6.1, < 10.6.26	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-44172	MariaDB: mysql_real_escape_string() incorrectly handled big5_CVE-2026-44172 MariaDB server is a community developed fork of MySQL server. In versions 3.3.18 and 3.4.8, an application that was taking non-validated user input...	MariaDB	server = 3.3.18	Jun 12, 2026	CVE
MEDIUM 6.3	CVE-2026-44171	MariaDB: path traversal in mbstream_CVE-2026-44171 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before ...	MariaDB	server >= 10.6.1, < 10.6.26	Jun 12, 2026	CVE
MEDIUM 6.3	CVE-2026-44170	MariaDB: Argument injection in CONNECT REST Xcurl on Windows via unsanitized URL_CVE-2026-44170 MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before ...	MariaDB	server >= 10.6.1, < 10.6.26	Jun 12, 2026	CVE
MEDIUM 4.3	CVE-2026-44169	MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions_CVE-2026-44169 MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user g...	MariaDB	server >= 11.4.1, < 11.4.11	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-53726	Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL_CVE-2026-53726 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.80 and 9.9.1-alpha.6,...	parse-community	parse-server < 8.6.80	Jun 12, 2026	CVE