Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-46718

Apache Calcite: A user-controlled model can load arbitrary classes, leading to code execution

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache Calcite. This issue affects Apache Calc...

Apache Software Foundation Apache Calcite 1.5.0 CVE
MEDIUM 5.4 CVE-2026-49782

WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels....

Elementor Elementor Website Builder n/a CVE
MEDIUM 5.6 CVE-2026-43965

Path Traversal in build/packages/packages.toml Allows Arbitrary Directory Deletion

Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml conten...

Gleam Gleam 0.18.0-rc1 CVE
MEDIUM 5.1 CVE-2026-42795

Symlink Following in Hex Package Export Allows Embedding Files Outside Project Root

Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball...

Gleam Gleam 0.10.0-rc1 CVE
MEDIUM 5.7 CVE-2026-41918

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive informa...

Siemens RUGGEDCOM RST2428P CVE
MEDIUM 4.6 CVE-2026-32685

Path Traversal in gleam docs build via documentation.pages Allows Arbitrary File Read and Write

Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended docum...

Gleam Gleam 1.16.0 CVE
MEDIUM 4.3 CVE-2026-32250

NamelessMC has Reflected Cross-Site Scripting (XSS) in id parameter of /index.php?route=/queries/user/

NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the i...

NamelessMC Nameless = 2.2.4 CVE
MEDIUM 5.9 CVE-2026-28116

WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Store...

Emilia Projects Progress Planner n/a CVE
MEDIUM 5.4 CVE-2026-27351

WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issu...

Sekander Badsha Crew HRM n/a CVE
MEDIUM 6.3 CVE-2026-7299

CVE-2026-7299

Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an au...

Appsmith Appsmith CVE