MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.6	CVE-2026-52757	Ghidra < 12.1 - Heap-use-after-free in HighVariable::merge() during decompilation_CVE-2026-52757 Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass...	nationalsecurityagency	ghidra	Jun 10, 2026	CVE
MEDIUM 6.3	CVE-2026-52756	Ghidra < 12.2 - Unauthenticated Path Traversal in Debugger ISF Server_CVE-2026-52756 Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplie...	nationalsecurityagency	ghidra	Jun 10, 2026	CVE
MEDIUM 6.7	CVE-2026-52753	Ghidra < 12.0.3 - Out-of-Memory in Rust Symbol Demangler via Malformed Symbol_CVE-2026-52753 Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size lim...	nationalsecurityagency	ghidra	Jun 10, 2026	CVE
MEDIUM 4.6	CVE-2026-49497	Ghidra < 12.1 - Path Traversal via .gnu_debuglink in DWARF External Debug File Resolution_CVE-2026-49497 Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debugl...	nationalsecurityagency	ghidra	Jun 10, 2026	CVE
MEDIUM 6.9	CVE-2026-49496	Ghidra < 12.1 - Heap-Use-After-Free in SleighBuilder::generatePointerAdd via Vector Reallocation_CVE-2026-49496 Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCach...	nationalsecurityagency	ghidra	Jun 10, 2026	CVE
MEDIUM 6.7	CVE-2026-49495	Ghidra 10.2 < 12.1 - Denial of Service via Circular Reference in Mach-O Export Trie Parser_CVE-2026-49495 Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when trave...	nationalsecurityagency	ghidra 10.2	Jun 10, 2026	CVE
MEDIUM 6.5	MS:CVE-2026-11226	Chromium: CVE-2026-11226 Insufficient policy enforcement in PreviewTab_MS:CVE-2026-11226 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 9, 2026	MSCVE
MEDIUM 6.4	CVE-2026-9019	Easy Image Collage <= 1.13.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][attachment_url]' Parameters_CVE-2026-9019 The Easy Image Collage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'grid[properties][borderColor]' and 'grid[images][N][a...	brechtvds	Easy Image Collage	Jun 10, 2026	CVE
MEDIUM 4.4	CVE-2026-8853	MW WP Form <= 5.1.3 - Authenticated (Editor+) Stored Cross-Site Scripting via 'memo' Parameter_CVE-2026-8853 The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1...	websoudan	MW WP Form	Jun 10, 2026	CVE
MEDIUM 6.4	CVE-2026-8613	aThemes Addons for Elementor <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title_tag' Widget Setting_CVE-2026-8613 The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'title_tag' Widget Setting in all versions u...	smub	aThemes Addons for Elementor	Jun 10, 2026	CVE