MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-13023	CVE-2026-13023_CVE-2026-13023 Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain pote...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-13021	CVE-2026-13021_CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same ori...	Google	Chrome 149.0.7827.197	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2025-60471	CVE-2025-60471_CVE-2025-60471 A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows at...	n/a	n/a n/a	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-48028	Mastodon: Removal of integrity-protected JSON entries from signed activities_CVE-2026-48028 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-46349	Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring_CVE-2026-46349 Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incomi...	mastodon	mastodon >= 4.5.0-beta.1, < 4.5.10	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-54686	Warp: DCS lifecycle hook spoofing can alter terminal session metadata_CVE-2026-54686 Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutat...	warpdotdev	warp >= 0.2021.04.25.23.05.stable_00, < 0.2026.05.13.09.15.stable_01	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-48789	AnythingLLM: Windows path containment bypass in document folder route_CVE-2026-48789 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Win...	Mintplex-Labs	anything-llm < 1.13.0	Jun 24, 2026	CVE
MEDIUM 5.5	CVE-2026-44022	Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands_CVE-2026-44022 Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.73.0 until 2....	docling-project	docling >= 2.73.0, < 2.91.0	Jun 24, 2026	CVE
MEDIUM 4.2	CVE-2026-57307	CVE-2026-57307_CVE-2026-57307 A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to con...	Jenkins Project	Jenkins Zowe zDevOps Plugin	Jun 24, 2026	CVE
MEDIUM 4.2	CVE-2026-57306	CVE-2026-57306_CVE-2026-57306 A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect t...	Jenkins Project	Jenkins Zowe zDevOps Plugin	Jun 24, 2026	CVE