category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-12174	D-Link DCS-935L HTTP rhea snprintf format string_CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhe...	D-Link	DCS-935L 1.10.01	Jun 13, 2026	CVE
MEDIUM 5.6	CVE-2026-6428	CVE-2026-6428_CVE-2026-6428 SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x bef...	Koha Community	Koha	Jun 13, 2026	CVE
CRITICAL 9.3	CVE-2026-12183	CVE-2026-12183_CVE-2026-12183 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-28...	Nefteprodukttekhnika LLC	BUK TS-G Gas Station Automation System 2.9.1, 2.10.2	Jun 13, 2026	CVE
HIGH 7.2	CVE-2026-5513	Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie_CVE-2026-5513 The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-cus...	ladela	Online Scheduling and Appointment Booking System – Bookly	Jun 13, 2026	CVE
MEDIUM 4.3	CVE-2026-1291	Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation_CVE-2026-1291 The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint...	tigroumeow	Meow Gallery	Jun 13, 2026	CVE
CRITICAL 9.4	CVE-2026-11624	CVE-2026-11624_CVE-2026-11624 The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebin...	Google	MCP Toolbox for Databases	Jun 13, 2026	CVE
MEDIUM 6.4	CVE-2026-9134	Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter_CVE-2026-9134 The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up ...	fooplugins	Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel	Jun 13, 2026	CVE
HIGH 7.2	CVE-2026-9109	GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage_CVE-2026-9109 The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Si...	john-dagelmore	GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites	Jun 13, 2026	CVE
MEDIUM 6.4	CVE-2026-9629	Canvas <= 2.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Block Attribute_CVE-2026-9629 The Canvas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' parameter in all versions up to, and including, 2.5.2 du...	codesupplyco	Canvas	Jun 13, 2026	CVE
MEDIUM 6.4	CVE-2026-3297	Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Anchor Block_CVE-2026-3297 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Anchor block ...	softaculous	Page Builder: Pagelayer – Drag and Drop website builder	Jun 13, 2026	CVE