category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-12119	Simple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute_CVE-2026-12119 The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' s...	eemitch	Simple File List	Jun 20, 2026	CVE
HIGH 7.5	CVE-2026-11912	Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action_CVE-2026-11912 The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up ...	eemitch	Simple File List	Jun 20, 2026	CVE
HIGH 7.5	CVE-2026-11911	Simple File List <= 6.3.7 - Unauthenticated Arbitrary File Deletion via Path Traversal in 'eeSubFolder' Parameter_CVE-2026-11911 The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFL_DeleteFile...	eemitch	Simple File List	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56216	Capgo – Scope Escalation via API Key Creation in /functions/v1/apikey_CVE-2026-56216 Capgo before 12.128.2 contains a scope escalation vulnerability in the POST /functions/v1/apikey endpoint that allows app-limited API keys to mint ...	Capgo	Capgo	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56215	Capgo – Account Merge via Poisoned public.users.email in SSO Provisioning_CVE-2026-56215 Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning end...	Capgo	Capgo	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56214	Capgo – Unauthenticated Organization Enumeration and Billing Status Disclosure via Supabase RPC_CVE-2026-56214 Capgo before 12.128.2 contains an information disclosure vulnerability in Supabase PostgREST RPC endpoints is_trial_org and is_paying_org that allo...	Capgo	Capgo	Jun 20, 2026	CVE
MEDIUM 6.9	CVE-2026-56213	Capgo – Unauthenticated Cross-Tenant Metrics Poisoning via upsert_version_meta RPC_CVE-2026-56213 Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsert_version_meta SECURITY DEFINER function exposed via PostgR...	Capgo	Capgo	Jun 20, 2026	CVE
MEDIUM 5.1	CVE-2026-56212	Capgo – Improper 2FA Enforcement Logic via Team Security Settings_CVE-2026-56212 Capgo before 12.128.2 contains an authentication logic flaw: a user with permission to manage team or organization security settings can enable man...	Capgo	Capgo	Jun 20, 2026	CVE
HIGH 8.1	CVE-2026-9843	Database for Contact Form 7, WPforms, Elementor forms <= 1.5.1 - Unauthenticated Arbitrary File Deletion via CF7 File Field POST Value_CVE-2026-9843 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file pa...	crmperks	Database for Contact Form 7, WPforms, Elementor forms	Jun 20, 2026	CVE
HIGH 8.7	CVE-2026-56082	Supabase – Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC_CVE-2026-56082 Capgo (Cap-go/capgo) before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.record...	Cap-go	capgo	Jun 19, 2026	CVE