Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7	CVE-2026-6653	libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling_CVE-2026-6653 Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-servic...	GNOME	libxml2 2.9.11	Jun 22, 2026	CVE
MEDIUM 6.4	CVE-2026-6062	IDOR in Jira plugin subscription edit endpoint_CVE-2026-6062 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 5.4	CVE-2026-5139	GitLab Plugin Allows Non-Admin Users to Modify Default Instance Configuration_CVE-2026-5139 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
MEDIUM 5.1	CVE-2026-56450	AIL Framework – Missing Rate Limiting Enables Brute-Force Attacks Against Two-Factor Authentication Codes_CVE-2026-56450 AIL did not restrict repeated failed attempts to verify a two-factor authentication (OTP) code. An attacker who had reached the 2FA verification st...	ail project	ail framework	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-56448	Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read_CVE-2026-56448 A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authentica...	ail project	ail framework	Jun 22, 2026	CVE
MEDIUM 4.3	MS:CVE-2026-12446	Chromium: CVE-2026-12446 Insufficient data validation in Passwords_MS:CVE-2026-12446 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
NONE	THN:7B782DD6342...	Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries_THN:7B782DD6342D0803A9E4F4BA84097D55 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisV9q8kKe0eopbInTHgwScUvzjKlnPTpk74j7M6F-6BH46hVr9wcadvztA2RYJdKDQDzpV89bN4wH0hEL9qT...	N/A	N/A	Jun 22, 2026	THN
CRITICAL 9.3	CVE-2026-56447	MISP remote code execution via arbitrary rdkafka configuration path_CVE-2026-56447 MISP allowed an authenticated site administrator to set the Kafka_rdkafka_config setting to an arbitrary filesystem path. MISP subsequently parsed ...	misp	misp	Jun 22, 2026	CVE
HIGH 8.7	CVE-2026-56446	Authenticated Remote Code Execution via Arbitrary NDJSON Error Log Path in MISP_CVE-2026-56446 MISP allowed a site administrator to configure an arbitrary filesystem path for the NDJSON error log used by JsonLogTool. Because log entries can i...	misp	misp	Jun 22, 2026	CVE
CRITICAL 9.3	CVE-2026-56425	MISP AAD authentication plugin – Improper OAuth State Handling, Missing Session Rotation, Insecure Redirect URI Validation, and Log Injection_CVE-2026-56425 The Azure Active Directory (AAD) authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow a...	misp	misp	Jun 22, 2026	CVE