Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.1 CVE-2026-10836

Improper neutralization of HTTP headers in Password Manager_CVE-2026-10836

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A succ...

Password Manager Password Manager CVE
LOW 3.1 CVE-2025-62340

HCL iControl was affected by Inadequate Session Timeout vulnerability_CVE-2025-62340

HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to ...

HCL Software iControl v4.2.0 CVE
MEDIUM 4.3 CVE-2025-59872

HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability,_CVE-2025-59872

HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, then it may be possible to o...

HCL Software ZIE 16.0 CVE
HIGH 7.1 CVE-2025-31013

WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-31013

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issu...

Themify Themify Folo n/a CVE
HIGH 8.3 CVE-2026-9591

Cross-Site Request Forgery (CSRF) in SimplCommerce News Module_CVE-2026-9591

Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to c...

simplcommerce SimplCommerce CVE
HIGH 8.8 CVE-2026-55738

Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name field_CVE-2026-55738

A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name...

rxi microtar 0.1.0 CVE
CRITICAL 9.3 CVE-2026-54819

WordPress Listdom plugin <= 5.4.0 - SQL Injection vulnerability_CVE-2026-54819

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webilia Inc. Listdom allows Blind SQL Injecti...

Webilia Inc. Listdom n/a CVE
HIGH 8.5 CVE-2026-54818

WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability_CVE-2026-54818

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQ...

VeronaLabs Slimstat Analytics n/a CVE
MEDIUM 6.5 CVE-2026-54817

WordPress MStore API plugin <= 4.18.4 - Broken Authentication vulnerability_CVE-2026-54817

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue...

FluxBuilder MStore API n/a CVE
HIGH 7.5 CVE-2026-54816

WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability_CVE-2026-54816

Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affe...

Monetizemore Advanced Ads n/a CVE