HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.1	CVE-2026-42653	WordPress SliceWP plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42653 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This i...	iova.mihai	SliceWP n/a	Jun 11, 2026	CVE
HIGH 8.4	CVE-2026-45173	Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure_CVE-2026-45173 Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal ...	CyberArk Software, a Palo Alto Networks Company	Identity Browser Extensions 26.0.0	Jun 11, 2026	CVE
HIGH 8.7	CVE-2026-45172	Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command_CVE-2026-45172 Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an auth...	CyberArk Software, a Palo Alto Networks Company	PAM Self-Hosted, Privilege Cloud 14.0	Jun 11, 2026	CVE
HIGH 8.8	CVE-2026-45418	ClipBucket: Blind SQL Injection in subtitle_edit.php_CVE-2026-45418 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multipl...	MacWarrior	clipbucket-v5 < 5.5.3 - #132	Jun 11, 2026	CVE
HIGH 8.8	5EA55261-60BA-	Exploit for Write-what-where Condition in Linux Linux_Kernel_5EA55261-60BA-5F5A-A245-187C0E4791C3 DirtyFrag CVE-2026-43284 PoC Validation and auditd Detection Scope: Linux Local Privilege Escalation LPE validation focused on the XFRM/ESP path as...	N/A	N/A	Jun 11, 2026	GITHUBEXPLOIT
HIGH 8.2	CVE-2026-50637	Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections_CVE-2026-50637 Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow...	PEVANS	Metrics::Any::Adapter::Statsd	Jun 10, 2026	CVE
HIGH 7.5	CVE-2025-46315	CVE-2025-46315_CVE-2025-46315 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected use...	Apple	macOS	Jun 11, 2026	CVE
HIGH 7.8	CVE-2025-31272	CVE-2025-31272_CVE-2025-31272 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections...	Apple	macOS	Jun 11, 2026	CVE
HIGH 8.8	CVE-2025-24284	CVE-2025-24284_CVE-2025-24284 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to bre...	Apple	macOS	Jun 11, 2026	CVE
HIGH 8.1	CVE-2026-46622	SolidInvoice: API tokens stored as plaintext in the database allowing full credential compromise on database breach_CVE-2026-46622 SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as pla...	SolidInvoice	SolidInvoice < 2.3.17	Jun 11, 2026	CVE