MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-9539	libslirp TCP URG OOB Read Information Leak_CVE-2026-9539 An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on h...	freedesktop.org	libslirp	Jun 24, 2026	CVE
MEDIUM 6.2	CVE-2026-12488	GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability_CVE-2026-12488 A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can l...	GeoVision Inc.	GeoVision V20.0.2	Jun 24, 2026	CVE
MEDIUM 6.4	CVE-2026-11614	Xpro Addons <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via 'custom_attributes' Parameter of Multiple Widgets_CVE-2026-11614 The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attributes' paramete...	xpro	Xpro Addons — 140+ Widgets for Elementor	Jun 24, 2026	CVE
MEDIUM 6.7	37C50661-A878-	kev-investigator_37C50661-A878-507B-9377-0F99874BB5CE KEV Investigator An automated investigation draft generator for CISA's Known Exploited Vulnerabilities KEV catalog — built to remove the repetitive...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
MEDIUM 5.1	CVE-2026-6458	AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty_CVE-2026-6458 Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming...	Caliptra	Core Runtime Firmware 2.0.0	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54517	jackson-databind: @JsonView bypass for setterless creator properties_CVE-2026-54517 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54516	jackson-databind: Renamed @JsonIgnore’d setters can deserialize via private fields_CVE-2026-54516 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3....	FasterXML	jackson-databind >= 2.21.0, < 2.21.4	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54515	jackson-databind: Case-insensitive deserialization bypasses per-property @JsonIgnoreProperties_CVE-2026-54515 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.8.0 until 2.18.9, 2.21.5...	FasterXML	jackson-databind >= 2.8.0, < 2.18.9	Jun 23, 2026	CVE
MEDIUM 5.3	CVE-2026-54514	jackson-databind: InetSocketAddress deserialization triggers eager DNS resolution (SSRF)_CVE-2026-54514 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.0.0 until 2.18.8, 2.21.4...	FasterXML	jackson-databind >= 2.0.0, < 2.18.8	Jun 23, 2026	CVE
MEDIUM 6.3	CVE-2026-50193	jackson-databind: Deeply nested JsonNode throws StackOverflowError for toString()_CVE-2026-50193 jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.13.0 until 2.14.0, a pot...	FasterXML	jackson-databind >= 2.10.0, < 2.14.0	Jun 23, 2026	CVE