category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-8024	Deserialization vulnerability in ibaPDA and ibaDatCoordinator_CVE-2026-8024 A remote, unauthenticated attacker may exploit a deserialization of untrusted data vulnerability in ibaPDA or ibaDatCoordinator to gain full access...	iba	ibaPDA 1.0.0	Jun 18, 2026	CVE
MEDIUM 5.9	CVE-2026-56007	WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56007 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored X...	OceanWP	Ocean Product Sharing n/a	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-54419	PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query_CVE-2026-54419 claudiopizzillo PIAF-HMS (PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5) con...	claudiopizzillo	PIAF-HMS	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-44942	libzypp .repo files can have an optional path which can lead to path traversal attacks_CVE-2026-44942 A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could ...	SUSE	libzypp 17.0.0	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-8461	Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder_CVE-2026-8461 An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some ca...	FFmpeg	FFmpeg	Jun 18, 2026	CVE
MEDIUM 5.9	CVE-2026-56009	WordPress Bricksable for Bricks Builder plugin <= 1.6.83 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56009 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored X...	Bricksable	Bricksable for Bricks Builder n/a	Jun 18, 2026	CVE
LOW 2.1	CVE-2026-40457	Reflected XSS in LMS_CVE-2026-40457 A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netrem...	LMS	LMS	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-40456	OS Command Injection in LMS_CVE-2026-40456 An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to th...	LMS	LMS	Jun 18, 2026	CVE
HIGH 8.6	CVE-2026-40455	SQL Injection in LMS_CVE-2026-40455 An SQL Injection vulnerability exists in LMS (LAN Management System) before commit 4cb30a7 within the "tarifflist.php" module due to insufficient s...	LMS	LMS	Jun 18, 2026	CVE
HIGH 7.3	CVE-2026-11958	Local privilege escalation in ANSSI’s DFIR-ORC_CVE-2026-11958 Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior...	ANSSI	DFIR-ORC	Jun 18, 2026	CVE