Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-11853

CVE-2026-11853

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifact...

Debian debusine 0.12.0 CVE
MEDIUM 6.5 CVE-2026-11852

CVE-2026-11852

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into arti...

Debian debusine 0.2.0 CVE
MEDIUM 4.3 CVE-2026-50569

Fission: HTTPTrigger admission omits RelativeURL / Prefix validation; kubectl apply bypasses CLI checks

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.25.0 CVE
MEDIUM 4.9 CVE-2026-50565

Fission builder pods auto-mount the fission-builder ServiceAccount token in the user-supplied builder container

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.24.0 CVE
MEDIUM 6.1 CVE-2026-46642

draw.io: XSS via crafted cell label when opening a .drawio file

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScr...

jgraph drawio < 29.7.12 CVE
MEDIUM 6.9 CVE-2026-46618

Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder.command, allowing the builder pod to invoke arbitrary executables

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

fission fission < 1.23.0 CVE
MEDIUM 4.3 CVE-2026-20260

Log Injection through HTTP Request Paths in Splunk SOAR

In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National ...

Splunk Splunk SOAR 8.5 CVE
MEDIUM 5.5 CVE-2026-20259

Improper Access Control in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.0, 10.3.2512.12, 10.2.2510.15, 10.1.2507....

Splunk Splunk Enterprise 10.2 CVE
MEDIUM 5.7 CVE-2026-20257

Improper Input Validation through Classic Dashboard CSS in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2...

Splunk Splunk Enterprise 10.2 CVE
MEDIUM 5.7 CVE-2026-20256

Improper Input Validation through Protocol-Relative URL in Classic Dashboards in Splunk Enterprise

In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.3.2512.13, 10.2.2510.15, 10.1.2...

Splunk Splunk Enterprise 10.2 CVE