category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-58049	FFmpeg – Out-of-Bounds Write in RASC Decoder decode_dlta()_CVE-2026-58049 FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary...	FFmpeg	FFmpeg	Jun 28, 2026	CVE
HIGH 8.7	CVE-2026-10643	Out-of-bounds heap write in Zephyr `recvmsg()` ancillary-data path (`insert_pktinfo` undersizes the control-buffer capacity check)_CVE-2026-10643 Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_co...	zephyrproject	zephyr 3.6.0	Jun 27, 2026	CVE
HIGH 8.1	CVE-2026-8095	Frontend File Manager Plugin <= 23.6 - Authenticated (Subscriber+) Arbitrary File Deletion_CVE-2026-8095 The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. ...	nmedia	Frontend File Manager Plugin	Jun 27, 2026	CVE
MEDIUM 6.1	CVE-2026-13245	MaxButtons <= 9.8.5 - Reflected Cross-Site Scripting via 'view' Parameter_CVE-2026-13245 The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to...	maxfoundry	MaxButtons – Create buttons	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-12404	NEX-Forms <= 9.2.2 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via CSVExport Class_CVE-2026-12404 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including...	webaways	NEX-Forms – Ultimate Forms Plugin for WordPress	Jun 27, 2026	CVE
MEDIUM 5.3	CVE-2026-9242	RegistrationMagic <= 6.0.8.6 - Authenticated (Subscriber+) Authentication Bypass via Forged PayPal IPN Request_CVE-2026-9242 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication ...	metagauss	RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-9233	Quiz and Survey Master (QSM) <= 11.1.4 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via qsm_insert_quiz_template AJAX Action_CVE-2026-9233 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and...	expresstech	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker	Jun 27, 2026	CVE
MEDIUM 6.5	CVE-2026-3462	Frisbii Pay <= 1.8.9 - Missing Authorization to Authenticated (Subscriber+) Payment Token Modification_CVE-2026-3462 The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'p...	reepaydenmark	Frisbii Pay	Jun 27, 2026	CVE
MEDIUM 6.4	CVE-2026-13295	Page Builder by SiteOrigin <= 2.34.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via panels_data Parameter_CVE-2026-13295 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, a...	gpriday	Page Builder by SiteOrigin	Jun 27, 2026	CVE
MEDIUM 4.3	CVE-2026-12471	Spexo <= 2.0.11 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation_CVE-2026-12471 The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all version...	templatescoderthemes	Spexo	Jun 27, 2026	CVE