MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-13437	CVE-2026-13437_CVE-2026-13437 Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user...	Devolutions	PowerShell Universal 2026.2.0	Jun 29, 2026	CVE
MEDIUM 6	CVE-2026-13752	Snowflake CLI SQL Injection Through Improper Neutralization of Parameters in Secret Creation and SPCS Service Log Commands_CVE-2026-13752 Improper neutralization of parameters in Snowflake CLI versions prior to 3.19 allowed unintended SQL execution. An attacker could exploit this by s...	Snowflake	Snowflake CLI 1.1.0	Jun 29, 2026	CVE
MEDIUM 4.1	CVE-2026-13751	Snowflake CLI Server-Side Request Forgery via Arbitrary URL Fetch in !source/!load_CVE-2026-13751 Improper handling of untrusted remote references in Snowflake CLI versions prior to 3.19 allowed server-side request forgery. The SQL statement rea...	Snowflake	Snowflake CLI 3.6.0	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-13590	seladb PcapPlusPlus Modbus Protocol ModbusLayer.h getLength heap-based overflow_CVE-2026-13590 A security flaw has been discovered in seladb PcapPlusPlus 25.05. This impacts the function pcpp::ModbusLayer::getLength in the library Packet++/he...	seladb	PcapPlusPlus 25.05	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-13589	seladb PcapPlusPlus Telnet Subnegotiation Packet TelnetLayer.cpp getSubCommand heap-based overflow_CVE-2026-13589 A vulnerability was identified in seladb PcapPlusPlus 25.05. This affects the function pcpp::TelnetLayer::getSubCommand of the file Packet++/src/Te...	seladb	PcapPlusPlus 25.05	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-13588	seladb PcapPlusPlus TLS Hello SSLHandshake.cpp getHandshakeVersion heap-based overflow_CVE-2026-13588 A vulnerability was determined in seladb PcapPlusPlus 25.05. The impacted element is the function pcpp::SSLClientHelloMessage::getHandshakeVersion ...	seladb	PcapPlusPlus 25.05	Jun 29, 2026	CVE
MEDIUM 5.3	PACKETSTORM:224503	📄 WordPress WP Full Stripe Free 8.4.3 Missing Authorization_PACKETSTORM:224503 The WP Full Stripe Free plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 8.4.3 via the wpfsupdatefaile...	N/A	N/A	Jun 29, 2026	PACKETSTORM
MEDIUM 5.5	CVE-2026-39031	CVE-2026-39031_CVE-2026-39031 Lansweeper lsrunase 2.0 and lsencrypt 2.0 use RC4 encryption with a hardcoded 142-byte static key array to encrypt credentials. An 8-character pref...	n/a	n/a n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-56457	HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information_CVE-2026-56457 HCL DevOps Deploy / HCL Launch is susceptible to an exposure of sensitive information vulnerability in output logs. This exposure could allow an at...	HCLSoftware	HCL DevOps Deploy / HCL Launch 7.3-7.3.2.18, 8.0-8.0.1.13, 8.1-8.1.2.6, 8.2-8.2.1.0	Jun 29, 2026	CVE
MEDIUM 5.1	CVE-2026-13570	SourceCodester Inventory Management System User Registration Endpoint users_handler.php cross site scripting_CVE-2026-13570 A vulnerability was detected in SourceCodester Inventory Management System 1.0. Impacted is an unknown function of the file /api/users_handler.php ...	SourceCodester	Inventory Management System 1.0	Jun 29, 2026	CVE