category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2025-48571	CVE-2025-48571_CVE-2025-48571 In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could...	Google	Android 17	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-9570	Taskbuilder < 5.0.8 - Reflected XSS via Shortcode_CVE-2026-9570 The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend pa...	Unknown	Taskbuilder	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-8383	LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API_CVE-2026-8383 The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allo...	Unknown	LearnPress	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-8089	weMail < 2.1.3 - Reflected Cross-Site Scripting_CVE-2026-8089 The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not prope...	Unknown	weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-7850	WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute_CVE-2026-7850 The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displ...	Unknown	WP Magnific Popup	Jun 17, 2026	CVE
MEDIUM 4.9	CVE-2026-41280	Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects_CVE-2026-41280 Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue aff...	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-9690	WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability_CVE-2026-9690 Unauthenticated Arbitrary File Download in WP Media folder Addon	Joomunited	WP Media folder Addon n/a	Jun 17, 2026	CVE
HIGH 7.2	CVE-2026-5667	Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability in Multiple Home Appliances_CVE-2026-5667 Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for R...	Mitsubishi Electric Corporation	Room Air Conditioners (for Japan) MSZ-BKR2223-W 42.00 and prior	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-54811	WordPress WP eMember plugin < v10.9.4 - SQL Injection vulnerability_CVE-2026-54811 Unauthenticated SQL Injection in WP eMember < v10.9.4 versions.	Tips and Tricks HQ	WP eMember n/a	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2026-54807	WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability_CVE-2026-54807 Unauthenticated Privilege Escalation in Registration Form for WooCommerce	ThemeGrill	Registration Form for WooCommerce n/a	Jun 17, 2026	CVE