MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.9	CVE-2026-9083	Keycloak: keycloak: information disclosure through arbitrary filesystem path probing_CVE-2026-9083 A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesyst...	Red Hat	Red Hat Build of Keycloak	Jun 25, 2026	CVE
MEDIUM 5.5	CVE-2026-55439	Halo: Path Traversal in Backup Download Leads to Arbitrary File Read_CVE-2026-55439 Halo is an open source website building tool. Prior to 2.24.3, a path traversal vulnerability in the backup download endpoint allows authenticated ...	halo-dev	halo < 2.24.3	Jun 25, 2026	CVE
MEDIUM 6.8	CVE-2026-55411	ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization’s data-source secrets_CVE-2026-55411 ToolJet is the open-source foundation am AI-native platform for building and deploying internal tools, workflows and AI agents. Prior to 3.20.1780-...	ToolJet	ToolJet < 3.20.1780-lts	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-54573	Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy_CVE-2026-54573 Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl ...	outline	outline < 1.8.0	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-54448	Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser_CVE-2026-54448 Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAl...	aquasecurity	trivy < 0.71.0	Jun 25, 2026	CVE
MEDIUM 5.9	CVE-2026-54040	LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass_CVE-2026-54040 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint r...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54037	LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork_CVE-2026-54037 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and f...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-54029	LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter_CVE-2026-54029 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54027	LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization_CVE-2026-54027 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any auth...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 5.4	CVE-2026-54025	LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview_CVE-2026-54025 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown ar...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE