Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.4 CVE-2026-46616

Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers

Umbraco is an ASP.NET CMS. Prior to versions 13.14.0 and 17.4.0, some of the Surface Controllers in the CMS provide to support member related opera...

umbraco Umbraco-CMS < 13.14.0 CVE
MEDIUM 4.6 CVE-2026-46609

Umbraco.Cms: XSS/HTML Injection in Umbraco Backoffice confirmation dialog

Umbraco is an ASP.NET CMS. From version 14.0.0 to before version 17.4.0, authenticated users are able to inject HTML into an input field, which is ...

umbraco Umbraco-CMS >= 14.0.0, < 17.4.0 CVE
MEDIUM 5.5 CVE-2025-55651

CVE-2025-55651

A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denia...

n/a n/a n/a CVE
MEDIUM 5.1 CVE-2026-7516

CVE-2026-7516

A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a webs...

Lenovo Application CVE
MEDIUM 4.3 CVE-2026-45563

Roxy-WI: IDOR — any authenticated user can read another user’s full action history

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history// re-uses the se...

roxy-wi roxy-wi <= 8.2.6.4 CVE
MEDIUM 6.5 CVE-2026-45561

Roxy-WI: SSRF in /smon/agent// reachable to cloud metadata IPs

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the /smon/agent/{version,upti...

roxy-wi roxy-wi <= 8.2.6.4 CVE
MEDIUM 6.1 CVE-2026-45560

Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrap_line (app/modules/common...

roxy-wi roxy-wi <= 8.2.6.4 CVE
MEDIUM 4.9 CVE-2026-45559

Roxy-WI: LDAP injection in /user/ldap/ (admin-only)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/r...

roxy-wi roxy-wi <= 8.2.6.4 CVE
MEDIUM 6.5 CVE-2026-11884

389-ds-base: 389-ds-base: heap buffer overflow in schema objectclass serialization due to missing oc_superior in size calculation

A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omit...

Red Hat Red Hat Directory Server 11 CVE
MEDIUM 6.7 CVE-2026-52759

Ghidra < 12.1.1 - Denial of Service via Uncontrolled Memory Allocation in Mach-O Parser

Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of ...

Ghidra Ghidra CVE