news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-49777	WordPress Product Slider Pro for WooCommerce plugin < 3.5.3 - Backdoor vulnerability_CVE-2026-49777 Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software ...	ShapedPlugin, LLC	Product Slider Pro for WooCommerce n/a	Jun 5, 2026	CVE
HIGH 7.8	CVE-2026-11332	Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution_CVE-2026-11332 A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml f...	Red Hat	Red Hat Ansible Automation Platform 2	Jun 5, 2026	CVE
CRITICAL 9.8	5DAC9852-285D-	Exploit for Stack-based Buffer Overflow in Microsoft_5DAC9852-285D-528A-B3B2-6FE134F40C51 CVE-2026-41089 !TIP If the setup does not start, add the folder to the allowed list or pause protection for a few minutes. !CAUTION Some security s...	N/A	N/A	Jun 5, 2026	GITHUBEXPLOIT
HIGH 7.2	7239610D-FB67-	Exploit for Server-Side Request Forgery in Apeworx Web3.Py_7239610D-FB67-5EDA-8E6D-DDC6D8735AE5 CVE-2026-40072 SSRF Lab Hands-on local lab to demonstrate CVE-2026-40072 in web3.py, show the SSRF impact in Burp Suite, and verify the official fi...	N/A	N/A	Jun 5, 2026	GITHUBEXPLOIT
CRITICAL 9.8	THN:B290527C461...	Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites_THN:B290527C461D0B41AF1634957218991E ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgKOwHRwFSrcOI7vBYVGbebtc3DwR3w7SYc9l7FUXp1yXc_N2MbNNlEXtfRjVneU4wz2YB8PqC_k54o_6ZpB...	N/A	N/A	Jun 5, 2026	THN
LOW 2.7	CVE-2026-9088	Keycloak: keycloak: information disclosure due to user profile permission bypass_CVE-2026-9088 A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permi...	Red Hat	Red Hat Build of Keycloak	Jun 5, 2026	CVE
CRITICAL 10	CVE-2026-48907	Joomla Extension – joomlacontenteditor.net – Remote Code Execution in JCE extension for Joomla < 2.9.99.5_CVE-2026-48907 A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting i...	joomlacontenteditor.net	Joomla Content Editor (JCE) extension for Joomla 1.0.0-2.9.99.4	Jun 5, 2026	CVE
CRITICAL 9.8	60FB5346-778C-	Exploit for Missing Authentication for Critical Function in Mcpjam Inspector_60FB5346-778C-5CB9-A5BA-9C29B4E1E172 cve-2026-23744-poc cve-2026-23744 python exploit...	N/A	N/A	Jun 5, 2026	GITHUBEXPLOIT
NONE	THN:BA671EB286B...	FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins_THN:BA671EB286BFAB25B4ED3DAF0142200F ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMkj_adwzUUFP7yWyIFVKIKKQGDjqfvPuxKoR4mrrJ_SX3EACoJ3toLV3ZkYmePeA-nKWWfVC-90aOa5yjep...	N/A	N/A	Jun 5, 2026	THN
HIGH 7.8	CVE-2026-45956	drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()_CVE-2026-45956 In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl()...	Linux	Linux cf67cc9a29ac19c98bc4fa0e6d14b0c1f592d322	May 27, 2026	CVE