Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-44976

Frappe: IDOR in update_onboarding_step

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue...

frappe frappe < 16.17.4 CVE
MEDIUM 5.3 CVE-2026-44975

Frappe: Missing authorization on reset form tours

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users...

frappe frappe < 15.107.2 CVE
MEDIUM 5.3 CVE-2026-44967

opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters (traces/metrics/logs) read the full ...

open-telemetry opentelemetry-cpp < 1.27.0 CVE
MEDIUM 6.9 CVE-2026-44208

Frappe: IDOR in `submit_discussion()`

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint...

frappe frappe < 15.107.0 CVE
MEDIUM 6.9 CVE-2026-44207

Frappe: Insecure Direct Object Reference for email accounts

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to acces...

frappe frappe < 15.107.0 CVE
MEDIUM 6.9 CVE-2026-44206

Frappe: DB Schema Enumeration via Frappe-Authorization-Source

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an e...

frappe frappe < 15.107.2 CVE
MEDIUM 5.9 CVE-2026-49993

@nuxt/webpack-builder and @nuxt/rspack-builder dev server same-origin check bypassed when Sec-Fetch-Site, Origin, and Referer are all absent (incomplete fix for GHSA-6m52-m754-pw2g)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21....

nuxt nuxt >= 3.15.4, < 3.21.7 CVE
MEDIUM 6.3 CVE-2026-47200

Nuxt: Route middleware not enforced when rendering `.server.vue` pages via `/__nuxt_island/page_*`

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.11.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/n...

nuxt nuxt >= 3.11.0, < 3.21.6 CVE
MEDIUM 5.9 CVE-2026-45670

Nuxt: Dev server exposes built source over LAN to malicious sites (incomplete fix for GHSA-4gf7-ff8x-hq99)

Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, an...

nuxt nuxt >= 3.15.4, < 3.21.6 CVE
MEDIUM 5.3 CVE-2026-45669

Nuxt: Reflected XSS in `navigateTo()` external redirect

Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() w...

nuxt nuxt >= 3.4.3, < 3.21.6 CVE