MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-6673	Mattermost Jira plugin had unauthenticated {{/ac/installed}} lifecycle callback during pending Jira Cloud install_CVE-2026-6673 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 4.4	7DF60A36-5B48-	Exploit for CVE-2026-2002_7DF60A36-5B48-59EB-A46D-66756D01D7E4 Sumary The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting vi...	N/A	N/A	Jun 22, 2026	GITHUBEXPLOIT
MEDIUM 6.4	CVE-2026-6062	IDOR in Jira plugin subscription edit endpoint_CVE-2026-6062 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2026-5139	GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration_CVE-2026-5139 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 5.1	CVE-2026-56450	AIL Framework – Missing Rate Limiting Enables Brute-Force Attacks Against Two-Factor Authentication Codes_CVE-2026-56450 AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification st...	ail project	ail framework	Jun 22, 2026	CVE
MEDIUM 4.3	MS:CVE-2026-12446	Chromium: CVE-2026-12446 Insufficient data validation in Passwords_MS:CVE-2026-12446 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
MEDIUM 5.4	CVE-2026-10601	Path Traversal in Tempo and Loki Data Source Plugins — Credential Leakage and Admin Endpoint Access_CVE-2026-10601 The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, ena...	Grafana	Grafana OSS 11.6.0	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2025-33128	IBM Engineering Lifecycle Management – Engineering Workflow Management is impacted by vulnerabilities HTML / XSS Injection observed_CVE-2025-33128 IBM Engineering Workflow Management 7.0.3 through 7.0.3 Interim Fix 020, and 7.1 through 7.1 Interim Fix 007 is vulnerable to cross-site scripting....	IBM	Engineering Workflow Management 7.0.3	Jun 22, 2026	CVE
MEDIUM 6	CVE-2025-2669	Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data, and Db2 Warehouse on Cloud Pak for Data._CVE-2025-2669 IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform ope...	IBM	Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 4.8.0	Jun 22, 2026	CVE
MEDIUM 5.1	CVE-2026-12862	XLSX formula injection in exports_CVE-2026-12862 Untrusted user data was passed verbatim to Excel exports for administrators. This allowed formula injection which can be used to compromise the env...	pretix	Venueless 0.0.0	Jun 22, 2026	CVE