category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-10839	Open redirection vulnerability in Password Manager_CVE-2026-10839 Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter th...	Password Manager	Password Manager	Jun 17, 2026	CVE
MEDIUM 5.1	CVE-2026-10837	Open redirection vulnerability in Password Manager_CVE-2026-10837 Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that,...	Password Manager	Password Manager	Jun 17, 2026	CVE
MEDIUM 5.1	CVE-2026-10836	Improper neutralization of HTTP headers in Password Manager_CVE-2026-10836 Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A succ...	Password Manager	Password Manager	Jun 17, 2026	CVE
LOW 3.1	CVE-2025-62340	HCL iControl was affected by Inadequate Session Timeout vulnerability_CVE-2025-62340 HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to ...	HCL Software	iControl v4.2.0	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2025-59872	HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability,_CVE-2025-59872 HCL ZIE for Web is affetced by an Unrestricted File Upload vulnerability, If the server is configured to execute code, then it may be possible to o...	HCL Software	ZIE 16.0	Jun 17, 2026	CVE
HIGH 7.1	CVE-2025-31013	WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-31013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issu...	Themify	Themify Folo n/a	Jun 17, 2026	CVE
HIGH 8.3	CVE-2026-9591	Cross-Site Request Forgery (CSRF) in SimplCommerce News Module_CVE-2026-9591 Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to c...	simplcommerce	SimplCommerce	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-55738	Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name field_CVE-2026-55738 A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name...	rxi	microtar 0.1.0	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-54819	WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability_CVE-2026-54819 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injecti...	Webilia Inc.	Listdom n/a	Jun 17, 2026	CVE
HIGH 8.5	CVE-2026-54818	WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability_CVE-2026-54818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQ...	VeronaLabs	Slimstat Analytics n/a	Jun 17, 2026	CVE