HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-40523	FrontAccounting < 2.4.20 SQL Injection via reporting/rep710.php_CVE-2026-40523 FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Audit Trail report handler that allows authenticated attackers with SA_...	FrontAccounting	FrontAccounting	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-40522	FrontAccounting < 2.4.20 SQL Injection via rep601.php_CVE-2026-40522 FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the Bank Statement report handler that allows authenticated attackers to ex...	FrontAccounting	FrontAccounting	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-40521	FrontAccounting < 2.4.20 Path Traversal RCE via attachment upload_CVE-2026-40521 FrontAccounting before 2.4.20 contains a path traversal vulnerability in the attachment upload handler that allows authenticated attackers to execu...	FrontAccounting	FrontAccounting	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-13676	fast-uri vulnerable to host confusion via failed IDN canonicalization_CVE-2026-13676 fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a ...	fast-uri	fast-uri 4.0.0	Jun 29, 2026	CVE
HIGH 8.6	CVE-2026-13165	Remote Code Execution in SzafirHost_CVE-2026-13165 SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries wit...	Krajowa Izba Rozliczeniowa	SzafirHost	Jun 29, 2026	CVE
HIGH 8.8	CVE-2026-12856	Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension_CVE-2026-12856 A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Ma...	Red Hat	Red Hat OpenShift Dev Spaces	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57338	WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-57338 Unauthenticated Cross Site Scripting (XSS) in ARForms	Repute InfoSystems	ARForms n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57337	WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57337 Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder	PluginOps	Landing Page Builder n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57336	WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57336 Unauthenticated Cross Site Scripting (XSS) in Jobify	Astoundify	Jobify n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57333	WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-57333 Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free	Spencer Haws	Link Whisper Free n/a	Jun 29, 2026	CVE