category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-56325	Capgo – App ID Confusion via ILIKE Wildcard in Preview Subdomain Lookup_CVE-2026-56325 Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscor...	Capgo	Capgo	Jun 20, 2026	CVE
LOW 2.3	CVE-2026-56317	Nuxt – Cross-Site Scripting via NoScript Component Slot Content_CVE-2026-56317 Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot conte...	Nuxt	Nuxt 4.0.0	Jun 20, 2026	CVE
CRITICAL 10	CVE-2026-48939	Joomla Extension – icagenda.com – Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15_CVE-2026-48939 A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in P...	icagenda.com	iCagenda extension for Joomla 1.0.0-3.9.14	Jun 20, 2026	CVE
CRITICAL 9.5	CVE-2026-48909	Joomla Extension – joomshaper.com – PHP Object injection in SP LMS extension for Joomla < 4.1.4_CVE-2026-48909 SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker t...	joomshaper.net	SP LMS extension for Joomla 1.0.0-4.1.3	Jun 20, 2026	CVE
CRITICAL 10	CVE-2026-48908	Joomla Extension – joomshaper.com – Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.12_CVE-2026-48908 A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code ...	joomshaper.net	SP Page Builder extension for Joomla 1.0.0-6.6.1	Jun 20, 2026	CVE
MEDIUM 5.9	CVE-2026-12673	CVE-2026-12673_CVE-2026-12673 Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secon...	liquidfiles	liquidfiles	Jun 20, 2026	CVE
MEDIUM 6.5	CVE-2026-12119	Simple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute_CVE-2026-12119 The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' s...	eemitch	Simple File List	Jun 20, 2026	CVE
HIGH 7.5	CVE-2026-11912	Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action_CVE-2026-11912 The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up ...	eemitch	Simple File List	Jun 20, 2026	CVE
HIGH 7.5	CVE-2026-11911	Simple File List <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter_CVE-2026-11911 The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile...	eemitch	Simple File List	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56216	Capgo – Scope Escalation via API Key Creation in /functions/v1/apikey_CVE-2026-56216 Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint ...	Capgo	Capgo	Jun 20, 2026	CVE