category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-13149	CVE-2026-13149_CVE-2026-13149 brace-expansion through 5.0.6 is vulnerable to denial of service. The expand() function exhibits exponential-time complexity in the number of conse...	juliangruber	brace-expansion	Jun 30, 2026	CVE
MEDIUM 6.4	CVE-2026-12610	Sssd: use-after-free crash in sssd’ ‘sssd_pam’ process_CVE-2026-12610 A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memor...	Red Hat	Red Hat Enterprise Linux 10	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-12076	SQL Injection in Raytha CMS_CVE-2026-12076 Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to...	Raytha	Raytha 1.5.2	Jun 30, 2026	CVE
HIGH 7	CVE-2026-10763	CVE-2026-10763_CVE-2026-10763 PROMOD V is using insecure HTTP communication instead of HTTPS. The vulnerability is due to the lack of HTTPS support from 3rd party Digipede server.	Hitachi Energy	PROMOD V 1.0.0	Jun 30, 2026	CVE
MEDIUM 4.4	CVE-2026-13316	Foreman: ssrf to cloud metada service through unvalidated test_url parameters in foreman config_CVE-2026-13316 A flaw has been found in foreman when HTTP parameters are modified in http_proxies_controller and http_proxy files. Attackers can perform an SSRF a...	Red Hat	Red Hat Satellite 6	Jun 30, 2026	CVE
MEDIUM 5.3	CVE-2026-12349	Premium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion via 'add_custom_sidebar' and 'remove_custom_sidebar' AJAX actions_CVE-2026-12349 The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and includi...	octagonwebstudio	Premium Addons for KingComposer	Jun 30, 2026	CVE
CRITICAL 9.8	CVE-2026-12073	ProfileGrid – User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email Overwrite_CVE-2026-12073 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all vers...	metagauss	ProfileGrid – User Profiles, Groups and Communities	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-11367	PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter_CVE-2026-11367 The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the...	andrasweb	PixMagix – WordPress Image Editor	Jun 30, 2026	CVE
MEDIUM 6.1	CVE-2026-56809	CVE-2026-56809_CVE-2026-56809 Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerab...	Ricoh Company, Ltd.	Multiple laser printers and MFPs which implement Ricoh Web Image Monitor see the information provided by the vendor	Jun 30, 2026	CVE
HIGH 7.2	CVE-2026-56808	CVE-2026-56808_CVE-2026-56808 DGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execution wi...	AVTECH Security Corporation	DGM3103SCT firmware version 3.2.5.4 and prior	Jun 30, 2026	CVE