HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-41045	Weak polkit authentication check in qSnapper_CVE-2026-41045 A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication m...	presire	qSnapper	Jun 22, 2026	CVE
HIGH 8.1	CVE-2026-12628	Hardcoded credential in the IBM Storage Protect Snapshot For Windows leads to unauthorized access to system_CVE-2026-12628 IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attack...	IBM	Storage Protect Client 8.1.0.0	Jun 22, 2026	CVE
HIGH 8.3	MS:CVE-2026-12468	Chromium: CVE-2026-12468 Inappropriate implementation in Updater_MS:CVE-2026-12468 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.8	MS:CVE-2026-12466	Chromium: CVE-2026-12466 Heap buffer overflow in WebRTC_MS:CVE-2026-12466 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
HIGH 8.8	CVE-2026-8157	Vitepos < 3.4.2 - Outlet Manager+ Privilege Escalation_CVE-2026-8157 The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST AP...	Unknown	Vitepos	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-6858	Transbank Webpay < 1.14.0 - Unauthenticated Stored XSS_CVE-2026-6858 The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform St...	Unknown	Transbank Webpay	Jun 22, 2026	CVE
HIGH 7.1	CVE-2026-4259	Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_manage_auctions_CVE-2026-4259 The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page,...	Unknown	ultimate-woocommerce-auction-pro	Jun 22, 2026	CVE
HIGH 7.3	CVE-2026-9029	Stored XSS via Geomap Panel Template Variable Attribution Injection_CVE-2026-9029 The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent() runs on the raw template string before g...	Grafana	Grafana OSS 12.4.0	Jun 22, 2026	CVE
HIGH 7	CVE-2026-6653	libxml2: Use after free in xmlParseInternalSubset via improper entity resolution handling_CVE-2026-6653 Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-servic...	GNOME	libxml2 2.9.11	Jun 22, 2026	CVE
HIGH 8.3	CVE-2026-56448	Authenticated Path Traversal in AIL Framework Investigation Downloads Allows Arbitrary File Read_CVE-2026-56448 A path traversal vulnerability exists in AIL Framework before the release containing commit 0041456af25da0cdea1c1c4624e46baff2731d8f. An authentica...	ail project	ail framework	Jun 22, 2026	CVE