Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-53701

Gstreamer1-plugins-bad-free: gstreamer: out-of-bounds write in H.266/VVC PPS picture partition parser

An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile...

Red Hat Red Hat Enterprise Linux 10 CVE
MEDIUM 6.9 CVE-2026-52859

Vim: Out-of-bounds Read in Terminal Screen Snapshot

Vim is an open source, command line text editor. Prior to version 9.2.0565, the update_snapshot() function in src/terminal.c copies the visible ter...

vim vim < 9.2.0565 CVE
MEDIUM 6.1 CVE-2026-47250

mcp-server-kubernetes: kubectl-generic flag injection enables Kubernetes bearer token exfiltration

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp...

Flux159 mcp-server-kubernetes < 3.7.0 CVE
MEDIUM 5.7 CVE-2026-47177

Quest Bot: Ticket transcripts can disclose private ticket contents to a lower-visibility channel

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...

duck-organization quest-bot < 1.0.4 CVE
MEDIUM 5.7 CVE-2026-47176

Quest Bot: Logging module can disclose private-channel message contents to a lower-visibility log channel

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot set...

duck-organization quest-bot < 1.0.4 CVE
MEDIUM 6.3 CVE-2026-47173

Quest Bot: Ticket reason allows mass-mention injection

Quest Bot is an open-source, modern Discord bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a ticke...

duck-organization quest-bot < 1.0.3 CVE
MEDIUM 5.1 CVE-2026-47167

Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex

Vim is an open source, command line text editor. Prior to version 9.2.0496, a code injection vulnerability exists in s:stepmatch() in the cucumber ...

vim vim < 9.2.0496 CVE
MEDIUM 6.8 THN:D6DFE9A733B...

New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files_THN:D6DFE9A733B5347827F7FD40C745A868

N/A N/A THN
MEDIUM 6.5 CVE-2026-4096

A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests.

IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input in the Host header. This could ...

IBM DevOps Plan 3.0.0 CVE
MEDIUM 5.4 CVE-2026-3341

IBM Langflow Desktop 1.0.0 – 1.9.2 DNS Rebinding Bypasses SSRF Protection Allowing Access to Internal Services

IBM Langflow Desktop 1.0.0 through 1.9.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker...

IBM Langflow Desktop 1.0.0 CVE