MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6	CVE-2026-53840	OpenClaw < 2026.5.12 - Custom Header Leakage via MCP Streamable HTTP Cross-Origin Redirects_CVE-2026-53840 OpenClaw before 2026.5.12 contains an information disclosure vulnerability in streamable-http MCP servers that forwards operator-configured custom ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-4367	Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing_CVE-2026-4367 A flaw was found in libXpm. A local user with low privileges could exploit an Out-of-Bounds Read vulnerability in the `xpmNextWord()` function by p...	Red Hat	Red Hat Enterprise Linux 10	Jun 16, 2026	CVE
MEDIUM 6.8	CVE-2026-48775	LangGraph Checkpoint: Unsafe JSON deserialization in checkpoint loading_CVE-2026-48775 LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions...	langchain-ai	langgraph < 1.2.2	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47963	DNG SDK \| Out-of-bounds Read (CWE-125)_CVE-2026-47963 DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An a...	Adobe	DNG SDK	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47934	DNG SDK \| Out-of-bounds Read (CWE-125)_CVE-2026-47934 DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An a...	Adobe	DNG SDK	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47927	DNG SDK \| Out-of-bounds Read (CWE-125)_CVE-2026-47927 DNG SDK versions 1.7.1 2536 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An a...	Adobe	DNG SDK	Jun 16, 2026	CVE
MEDIUM 5.5	CVE-2026-47748	stable-diffusion.cpp: Out-of-bounds reads in PyTorch checkpoint pickle opcode parsing_CVE-2026-47748 stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. Ve...	leejet	stable-diffusion.cpp < master-584-0a7ae07	Jun 16, 2026	CVE
MEDIUM 5.4	CVE-2026-46448	CVE-2026-46448_CVE-2026-46448 In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.	OpenStack	Nova 18.0.0	Jun 16, 2026	CVE
MEDIUM 5.7	CVE-2026-12425	Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10_CVE-2026-12425 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center all...	PowerSchool	Employee Access Center 23.10	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-53899	Cross-origin cookies could be leaked when opening a PDF link_CVE-2026-53899 Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookie...	Mozilla	Firefox for iOS 152.0	Jun 16, 2026	CVE