MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-54888	Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex_CVE-2026-54888 Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir ...	leandrocp	mdex 0.3.0	Jun 29, 2026	CVE
MEDIUM 6.9	CVE-2026-53429	Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service_CVE-2026-53429 Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered docum...	leandrocp	mdex 0.11.0	Jun 29, 2026	CVE
MEDIUM 5.1	CVE-2026-57958	Mixpost 2.6.0 – Reflected XSS via OAuth Callback Error Parameter_CVE-2026-57958 Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript...	inovector	mixpost	Jun 29, 2026	CVE
MEDIUM 6.1	CVE-2026-57956	SigNoz 0.130.1 – Cross-Organization Insecure Direct Object Reference in Alert Rules_CVE-2026-57956 SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by...	SigNoz	signoz	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-57954	Elide 7.1.17 – Permission Bypass in Sort Expression Validation_CVE-2026-57954 Elide through 7.1.17 fails to enforce @ReadPermission on client-supplied sort expressions in SortingImpl.getValidSortingRules, allowing attackers t...	yahoo	elide	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-57953	Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint_CVE-2026-57953 Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write ...	its-a-feature	Mythic	Jun 29, 2026	CVE
MEDIUM 6	CVE-2026-57952	Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID_CVE-2026-57952 Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_ru...	its-a-feature	Mythic	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57947	Pinpoint – Server-Side Request Forgery via Alarm Webhook Registration_CVE-2026-57947 Pinpoint through 3.1.0 contains a server-side request forgery vulnerability in the webhook registration endpoint that allows authenticated users to...	pinpoint-apm	pinpoint	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57946	Invidious – Private Playlist Disclosure via Unauthenticated RSS Feed Endpoint_CVE-2026-57946 Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private play...	iv-org	Invidious	Jun 29, 2026	CVE
MEDIUM 5.3	CVE-2026-57945	PhotoPrism – Unauthorized User Profile Modification via PUT /api/v1/users/{uid} Endpoint_CVE-2026-57945 PhotoPrism before 260601-a7d098548 contains a broken access control vulnerability that allows authenticated non-admin users to modify other users' ...	photoprism	photoprism	Jun 29, 2026	CVE