Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-8049

CVE-2026-8049

In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEV...

SignalRGB SignalRGB kernel driver CVE
HIGH 8.8 CVE-2026-9860

Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including,...

vanyukov Offload, AI & Optimize with Cloudflare Images CVE
MEDIUM 4.3 CVE-2026-9199

Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter

The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass i...

equalizedigital Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance CVE
CRITICAL 9.8 CVE-2026-55740

SQL Injection in Nur-Alam39 bus-ticket bus_info.php via busid parameter

Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad) contains an unauthenticated SQL injection vuln...

Nur-Alam39 bus-ticket CVE
MEDIUM 5.3 CVE-2026-12120

FireBox Popups <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter

The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u...

fireplugins FireBox Popups – Increase Sales and Grow Your Email List CVE
MEDIUM 5.3 CVE-2026-12093

Simple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' Webhook

The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the pl...

wpinsider-1 Simple Membership CVE
MEDIUM 4.3 CVE-2026-11784

Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Reques...

optimole Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization CVE
MEDIUM 4.9 CVE-2026-11777

Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'nam...

10web Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE
MEDIUM 4.9 CVE-2026-11776

Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'groupids' Parameter

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'gro...

10web Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder CVE
MEDIUM 6.4 CVE-2026-11402

Services Section Block <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Block Attribute

The Services Section Block – Showcase Service Details in Grid or Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'lin...

bplugins Services Section Block – Showcase Service Details in Grid or Columns CVE