Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-53675

BuddyPress 14.4.0 Friends List IDOR via REST API_CVE-2026-53675

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enum...

BuddyPress BuddyPress CVE

MEDIUM 6.8 CVE-2026-47838

Unauthorized User Impersonation when Using X.509 Client Certificates_CVE-2026-47838

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value ...

Spring Spring Security 5.7.0 CVE

MEDIUM 5.3 CVE-2026-46543

nimiq-blockchain: Genesis batch set request_CVE-2026-46543

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote pe...

nimiq core-rs-albatross < 1.5.0 CVE

MEDIUM 4.3 CVE-2026-46542

nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points_CVE-2026-46542

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of...

nimiq core-rs-albatross < 1.4.0 CVE

MEDIUM 6.5 CVE-2026-46540

Nimiq light-blockchain: Light blockchain rebranch issue_CVE-2026-46540

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightB...

nimiq core-rs-albatross < 1.4.0 CVE

MEDIUM 5.9 CVE-2026-46539

nimiq-primitives: BlockInclusionProof interlink issue when hops are empty_CVE-2026-46539

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic fla...

nimiq core-rs-albatross < 1.4.0 CVE

MEDIUM 5.3 CVE-2026-44505

Nimiq network-libp2p: Untrusted peer can wedge DHT_CVE-2026-44505

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-reco...

nimiq core-rs-albatross < 1.4.0 CVE

MEDIUM 5.3 CVE-2026-41837

Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys_CVE-2026-41837

Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson ...

Spring Spring Data REST 3.7.0 CVE

MEDIUM 5.3 CVE-2026-41730

Spring Data REST exposes persistence-layer internals in error responses_CVE-2026-41730

Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTT...

Spring Spring Data REST 3.7.0 CVE

MEDIUM 6.5 CVE-2026-41727

In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior_CVE-2026-41727

Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send ...

Spring Spring for Apache Kafka 4.0.0 CVE