Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.3 CVE-2026-10623

PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_id' Parameters

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference i...

pressprimer PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin CVE
MEDIUM 5.3 CVE-2026-10029

Event Koi Lite <= 1.3.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure via REST API Endpoints

The Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in a...

eventkoi Event Koi Lite – Events Calendar, Event Management, RSVP, and Tickets CVE
MEDIUM 6.5 CVE-2026-9815

MagicForm <= 0.1.3 - Unauthenticated Arbitrary File Upload to RCE

The MagicForm WordPress plugin through 0.1.3 does not properly validate the type of files uploaded through an unauthenticated AJAX action when a fo...

Unknown MagicForm CVE
HIGH 7.6 CVE-2026-55746

Cotonti stored XSS via PFS folder title

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder tit...

Cotonti Cotonti 1.0.0 CVE
MEDIUM 5.4 CVE-2026-55745

Cotonti CSRF in PFS folder edit allows unauthorized folder modification

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...

Cotonti Cotonti 1.0.0 CVE
HIGH 8.1 CVE-2026-55744

Cotonti CSRF in PFS allows forced arbitrary file upload

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...

Cotonti Cotonti 1.0.0 CVE
CRITICAL 9.6 CVE-2026-55742

Cotonti CSRF in admin.rights.php allows privilege escalation

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/ad...

Cotonti Cotonti 1.0.0 CVE
HIGH 8.8 CVE-2026-55741

Cotonti CSRF in admin.config.php allows unauthorized configuration changes

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/a...

Cotonti Cotonti 1.0.0 CVE
CRITICAL 10 CVE-2026-28573

CVE-2026-28573

In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of serv...

Google Android 14 CVE
MEDIUM 6.1 CVE-2026-12137

SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cr...

phppoet SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager CVE