Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-5079

multer vulnerable to Denial of Service via deeply nested field names

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form...

multer multer 1.0.0 CVE

HIGH 8.8 CVE-2026-49111

WordPress Masteriyo – LMS plugin <= 2.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n...

ThemeGrill Masteriyo - LMS n/a CVE

HIGH 7.5 CVE-2026-49064

WordPress GetPaid plugin <= 2.8.49 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Stiofan GetPaid allows Retrieve Embedded Sensitive Data. This issue affects Get...

Stiofan GetPaid n/a CVE

HIGH 8.8 CVE-2026-49062

WordPress Faust.js plugin <= 1.8.7 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue aff...

WP Engine Faust.js n/a CVE

HIGH 7.1 CVE-2026-34026

Path traversal in Wertheim SafeController Software allows authenticated users to download arbitrary files

Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /sa...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE

HIGH 8.6 CVE-2026-34024

Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints....

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE

HIGH 7.1 CVE-2026-34023

Broken WebSocket authorization in Wertheim SafeController Software allows cross-branch access to restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communica...

Wertheim GmbH Wertheim SafeController Software for VAULT ROOMS (Safe Deposit Locker System) Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014 CVE

HIGH 7.1 CVE-2026-34022

Weak custom cryptography and hard-coded keys in Wertheim SafeController 65000 allow traffic decryption

The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-c...

Wertheim GmbH Wertheim SafeController Family 65000 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller) Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319 CVE

HIGH 8.6 CVE-2026-34021

Lack of cryptographic protection in Wertheim SafeController 5400 enables RS-485 message sniffing and replay

The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcont...

Wertheim GmbH Wertheim SafeController 5400 Hardware for VAULT ROOMS (Safe Deposit Locker System - Microcontroller) Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320 CVE

HIGH 8.6 CVE-2026-12057

DoS + Remote Code Execution via PDF JavaScript in Foxit AI

When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which ...

Foxit Software Inc. Foxit AI before 2026-06-15 CVE