Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.8 CVE-2026-55766

guzzlehttp/psr7: CRLF Injection in HTTP Start-Line Serialization

guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain ...

guzzle psr7 < 2.12.1 CVE
MEDIUM 5.9 CVE-2026-55568

Guzzle: Silent HTTPS-Proxy Downgrade to Cleartext

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the prox...

guzzle guzzle < 7.12.1 CVE
MEDIUM 6.3 CVE-2026-54314

n8n: Denial of Service via ZIP decompression in webhook workflow

n8n is an open source workflow automation platform. Prior to 2.24.0, the Compression node's Decompress operation expanded attacker-controlled archi...

n8n-io n8n < 2.24.0 CVE
MEDIUM 6.5 CVE-2026-54313

n8n: NoSQL Injection in MongoDB Node Find And Replace Operation

n8n is an open source workflow automation platform. Prior to 2.24.0, an authenticated user with workflow edit access could supply a malicious filte...

n8n-io n8n < 2.24.0 CVE
MEDIUM 6 CVE-2026-54311

n8n: Merge Node SQL Mode Prototype Pollution

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...

n8n-io n8n >= 2.26.0, < 2.26.2 CVE
MEDIUM 6.5 CVE-2026-54310

n8n: SQL Injection in Postgres v1/TimescaleDB Nodes

n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows...

n8n-io n8n >= 2.26.0, < 2.26.2 CVE
MEDIUM 6.8 CVE-2026-54303

n8n: Reflected XSS via Facebook, WhatsApp, and Microsoft Teams Trigger Webhook Verification Endpoints

n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query par...

n8n-io n8n < 2.24.0 CVE
MEDIUM 5.5 4E361A66-0287-

Exploit for Path Traversal in Microsoft_4E361A66-0287-5D9D-9DA5-91D2EF34D2CB

🛡️ NimbusPWN-CVE-2022-29799-29800 - Test local privilege escalation security flaws 📖 About this tool This software helps security researchers stud...

N/A N/A GITHUBEXPLOIT
MEDIUM 5.4 CVE-2026-8378

Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoi...

Unknown Frontend File Manager Plugin CVE
MEDIUM 6.8 CVE-2026-7842

Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter

The Infility Global WordPress plugin before 2.15.20 does not sanitize or validate the orderby and order parameters in...

Unknown Infility Global CVE