category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.1	CVE-2026-8403	Stored XSS in Exagate’s SYSGUARD 6001_CVE-2026-8403 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Eksagate Electronic Engineering and Computer ...	Eksagate Electronic Engineering and Computer Industry Trade Inc.	SYSGUARD 6001 2.0.2	Jun 30, 2026	CVE
MEDIUM 5.7	CVE-2026-53433	Denial of Service in fzf_CVE-2026-53433 fzf is vulnerable to a Denial of Service (DoS) due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing...	fzf	fzf	Jun 30, 2026	CVE
MEDIUM 5.6	CVE-2026-53432	Integer Overflow in fzf_CVE-2026-53432 fzf is vulnerable to Integer Overflow leading to crash in FuzzyMatchV2 function. When input line length is approximately 2,200,000 bytes and patter...	fzf	fzf	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-4629	Keycloak: keycloak: privilege escalation through hardcoded role mapper injection_CVE-2026-4629 A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded rol...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
CRITICAL 9.5	CVE-2026-44946	SAML Authentication Replay in Rancher_CVE-2026-44946 A SAML authentication replay vulnerability in Rancher's Assertion Consumer Service (ACS) handler did not enforce one-time use of SAML assertion, po...	SUSE	Rancher 2.14.0	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-14209	Keycloak-admin-ui: keycloak-admin-ui: keycloak: admin ui extension brute-force-user endpoint bypasses fgapv2 user view restrictions_CVE-2026-14209 A vulnerability was discovered in Keycloak's Admin UI extension that allows certain administrative users to bypass security restrictions. When Fine...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
MEDIUM 6.5	CVE-2026-12388	Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper_CVE-2026-12388 A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services i...	Red Hat	Red Hat Build of Keycloak	Jun 30, 2026	CVE
CRITICAL 9.8	CVE-2026-9711	EventON – WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter_CVE-2026-9711 The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress (full) is vulnerable to SQL Injection via the WordPress 'search' paramet...	EventON	EventON (Pro) - WordPress Virtual Event Calendar Plugin	Jun 30, 2026	CVE
HIGH 7.2	CVE-2026-8141	Ajax Load More – Filters <= 3.4.1 - Unauthenticated Stored Cross-Site Scripting via 'taxonomy_include_children' Field_CVE-2026-8141 The Ajax Load More - Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'taxonomy_include_children' parameter in all...	Connekt Media	Ajax Load More - Filters	Jun 30, 2026	CVE
MEDIUM 5.1	CVE-2026-6954	Multiple vulnerabilities in Intermark IT’s WebControl CMS_CVE-2026-6954 Cross-Site Scripting (XSS) vulnerability in Intermark IT's WebControl CMS v3.5. This vulnerability allows an attacker to execute JavaScript code or...	Intermark IT	WebControl CMS	Jun 30, 2026	CVE