Recent Advisories

Severity ID Title Vendor Product Date Type

Severity: MEDIUM (5.9)
ID: CVE-2026-48615
Title: CVE-2026-48615
Description: A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are em...
Vendor: nodejs
Product: node 22.22.3
Type: CVE

Severity: MEDIUM (4.8)
ID: CVE-2026-8661
Title: Server-Side Cross-Site Scripting and SSRF in Rapid7 InsightConnect Markdown to PDF Plugin
Description: Server-Side Cross-Site Scripting and Server-Side Request Forgery vulnerability in the markdown_to_pdf action of Rapid7 InsightConnect Markdown Plug...
Vendor: Rapid7
Product: InsightConnect Markdown Plugin
Type: CVE

Severity: MEDIUM (6.5)
ID: CVE-2026-13226
Title: Groundhogg <= 4.5.4 - Authenticated (Custom+) SQL Injection via 'after' Parameter
Description: The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter i...
Vendor: trainingbusinesspros
Product: Groundhogg — CRM, Newsletters, and Marketing Automation
Type: CVE

Severity: MEDIUM (6.5)
ID: CVE-2026-40084
Title: Cacti: Arbitrary File Read via Path Traversal in Report `format_file` Parameter
Description: Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report ...
Vendor: Cacti
Product: cacti < 1.2.31
Type: CVE

Severity: MEDIUM (5.4)
ID: CVE-2026-40082
Title: Cacti: Session Fixation via missing session_regenerate_id() after login
Description: Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have missing session_regenerate_id() after login, lea...
Vendor: Cacti
Product: cacti < 1.2.31
Type: CVE

Severity: MEDIUM (6.9)
ID: CVE-2026-43920
Title: FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution
Description: FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in ...
Vendor: FOSSBilling
Product: FOSSBilling >= 0.5.4, < 0.8.0
Type: CVE

Severity: MEDIUM (6.4)
ID: CVE-2026-13318
Title: Virt-api-rhel9: kubevirt: kubevirt: ssrf in virt-api port-forward via unvalidated guest-agent-reported ip
Description: A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a Virtua...
Vendor: Red Hat
Product: Red Hat OpenShift Virtualization 4
Type: CVE

Severity: MEDIUM (4.2)
ID: CVE-2026-13218
Title: Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher
Description: A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.W...
Vendor: Red Hat
Product: Red Hat OpenShift Virtualization 4
Type: CVE

Severity: MEDIUM (6.9)
ID: CVE-2026-13083
Title: Pen-drive: pen-drive: stored xss via unescaped cluster data in html report
Description: A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An ...
Vendor: Red Hat
Product: Pen Drive Powered by Red Hat Lightspeed
Type: CVE

Severity: MEDIUM (6.5)
ID: CVE-2026-12993
Title: Apicurio/apicurio-registry: apicurio-registry: xml entity-expansion denial of service via internal dtd subset
Description: A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE dec...
Vendor: Red Hat
Product: Red Hat build of Apicurio Registry 3
Type: CVE