Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-56762

Hono – Missing Cookie Name Validation in setCookie()

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing inv...

Hono Hono CVE
MEDIUM 6.3 CVE-2026-56376

ImageMagick – Heap Use-After-Free in Meta Coder

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a heap use-after-free in the meta coder: when memory allocation fails, a single byte is written ...

ImageMagick ImageMagick CVE
MEDIUM 6.8 CVE-2026-56301

Nuxt – Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux

Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abs...

Nuxt Nuxt 4.0.0 CVE
MEDIUM 6 CVE-2026-56275

Flowise – Server-Side Request Forgery via Execute Flow Base URL

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validat...

Flowise Flowise CVE
MEDIUM 5.3 CVE-2026-56263

Crawl4AI – Stored Cross-Site Scripting in Monitor Dashboard

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via ...

Crawl4AI Crawl4AI CVE
MEDIUM 6.9 CVE-2026-56234

Capgo – Password Spraying via Public-Key Accessible Credential Validation Endpoint

Capgo before 12.128.2 contains a credential validation vulnerability in the POST /functions/v1/private/validate_password_compliance endpoint that i...

Capgo Capgo CVE
MEDIUM 6.4 CVE-2026-4610

ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pm_author_messag...

metagauss ProfileGrid – User Profiles, Groups and Communities CVE
MEDIUM 6.1 CVE-2026-10857

Reflected XSS in Akinsoft’s e-Commerce

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in AKIN Software Computer Import Export Industry...

AKIN Software Computer Import Export Industry and Trade Ltd. e-Commerce CVE
MEDIUM 4.1 CVE-2026-4983

CVE-2026-4983

Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml withou...

Eclipse Foundation Eclipse Open VSX 0.1.0 CVE
MEDIUM 5 CVE-2026-55655

OpenSSH: Local MITM of X11 forwarding via abstract Unix socket pre-binding in Red Hat Enterprise Linux OpenSSH client versions

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possib...

Red Hat Red Hat Enterprise Linux 10 CVE