Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4.8 CVE-2026-11943

Akaunting 3.1.21 – Authenticated stored XSS in document timeline

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the document timeline shown on invoice and bill detail page...

Akaunting Akaunting 3.1.21 CVE
MEDIUM 4.8 CVE-2026-11942

Akaunting 3.1.21 – Stored XSS in delete confirmation modal

Akaunting 3.1.21 contains an authenticated stored cross-site scripting vulnerability in the reusable delete confirmation flow. A user with permissi...

Akaunting Akaunting 3.1.21 CVE
MEDIUM 5.4 CVE-2026-11372

IBM TRIRIGA Cross-Site Scripting Vulnerability

IBM TRIRIGA Application Platform 5.0.2 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embe...

IBM TRIRIGA Application Platform 5.0.2 CVE
HIGH 8.8 CVE-2026-8157

Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation

The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST AP...

Unknown Vitepos CVE
MEDIUM 5.3 CVE-2026-7859

Motors Car Dealership & Classified Listings < 1.4.110 - Unauthenticated Post-Meta Write via stm_ajax_add_a_car_media

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated...

Unknown Motors CVE
HIGH 7.1 CVE-2026-6858

Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS

The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform St...

Unknown Transbank Webpay CVE
HIGH 7.1 CVE-2026-4259

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page,...

Unknown ultimate-woocommerce-auction-pro CVE
MEDIUM 5.1 CVE-2026-12863

Open redirect

An unvalidated redirect was contained in Venueless' social login functionality and could be exploited for phishing using trusted domains.

pretix Venueless 0.0.0 CVE
CRITICAL 9.4 CVE-2026-56422

MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys (id) and ownership/scope fore...

misp misp CVE
MEDIUM 4.3 CVE-2026-9162

Global session revocation does not invalidate active WebSocket connections

Mattermost versions 11.7.x

Mattermost Mattermost 11.7.0 CVE