category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.1	CVE-2026-12175	CodeAstro Student Attendance Management System createStudents.php sql injection_CVE-2026-12175 A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Adm...	CodeAstro	Student Attendance Management System 1.0	Jun 13, 2026	CVE
MEDIUM 5.3	CVE-2026-12176	SourceCodester CET Automated Grading System with AI Predictive Analytics index.php cross site scripting_CVE-2026-12176 A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown ...	SourceCodester	CET Automated Grading System with AI Predictive Analytics 1.0	Jun 13, 2026	CVE
HIGH 8.7	CVE-2026-12174	D-Link DCS-935L HTTP rhea snprintf format string_CVE-2026-12174 A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhe...	D-Link	DCS-935L 1.10.01	Jun 13, 2026	CVE
MEDIUM 5.6	CVE-2026-6428	CVE-2026-6428_CVE-2026-6428 SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x bef...	Koha Community	Koha	Jun 13, 2026	CVE
CRITICAL 9.3	CVE-2026-12183	CVE-2026-12183_CVE-2026-12183 Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-28...	Nefteprodukttekhnika LLC	BUK TS-G Gas Station Automation System 2.9.1, 2.10.2	Jun 13, 2026	CVE
HIGH 7.2	CVE-2026-5513	Online Scheduling and Appointment Booking System – Bookly <= 27.2 - Unauthenticated Stored Cross-Site Scripting via 'bookly-customer-full-name' Cookie_CVE-2026-5513 The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-cus...	ladela	Online Scheduling and Appointment Booking System – Bookly	Jun 13, 2026	CVE
MEDIUM 4.3	CVE-2026-1291	Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation_CVE-2026-1291 The Meow Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the REST API endpoint...	tigroumeow	Meow Gallery	Jun 13, 2026	CVE
CRITICAL 9.4	CVE-2026-11624	CVE-2026-11624_CVE-2026-11624 The Model Context Protocol has a security warning advising servers to validate the "Origin" header on all incoming connections to prevent DNS rebin...	Google	MCP Toolbox for Databases	Jun 13, 2026	CVE
MEDIUM 6.4	CVE-2026-9134	Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel <= 3.1.31 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'custom_attribute_key' Shortcode Parameter_CVE-2026-9134 The FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attribute_key' shortcode parameter in versions up ...	fooplugins	Photo Gallery by FooGallery : Responsive Image Gallery, Masonry Gallery & Carousel	Jun 13, 2026	CVE
HIGH 7.2	CVE-2026-9109	GPTranslate <= 2.31 - Unauthenticated Stored Cross-Site Scripting via REST API Translation Storage_CVE-2026-9109 The GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin for WordPress is vulnerable to Stored Cross-Si...	john-dagelmore	GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites	Jun 13, 2026	CVE