Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.2 CVE-2026-54298

Astro: XSS via Unescaped Attribute Names in Spread Props

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and pas...

withastro astro < 6.4.6 CVE
MEDIUM 6.5 CVE-2026-54288

Hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, the Body Limit Middleware trusts the reques...

honojs hono < 4.12.25 CVE
MEDIUM 6 CVE-2026-44273

CVE-2026-44273

Dell Wyse Management Suite (WMS), versions prior to WMS 2605, contain a Use of Default Credentials vulnerability. A high privileged attacker with l...

Dell Wyse Management Suite (WMS) CVE
MEDIUM 5.9 CVE-2026-10852

IBM i is Affected By a Denial of Service in IBM WebSphere Application Server Liberty

IBM i 7.6, 7.5, 7.4, and 7.3, IBM WebSphere Application Server, and IBM WebSphere Application Server Liberty are vulnerable to denial of service in...

IBM i 7.6 CVE
MEDIUM 6.9 PACKETSTORM:223968

OpenBSD mpls_do_error Stack Disclosure

OpenBSD suffers from an mpls_do_error remote kernel stack disclosure vulnerability via an MPLS label stack...

N/A N/A PACKETSTORM
MEDIUM 4.7 MS:CVE-2026-12463

Chromium: CVE-2026-12463 Inappropriate implementation in Views

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 4.2 MS:CVE-2026-12453

Chromium: CVE-2026-12453 Insufficient validation of untrusted input in Input

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
MEDIUM 6.5 CVE-2026-9822

WP Hotel Booking < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users...

Unknown WP Hotel Booking CVE
MEDIUM 6.1 CVE-2026-4110

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page,...

Unknown ultimate-woocommerce-auction-pro CVE
MEDIUM 5.3 CVE-2026-10530

Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowin...

Unknown Pie Register CVE