HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-10966	CVE-2026-10966_CVE-2026-10966 Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape vi...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-10955	CVE-2026-10955_CVE-2026-10955 Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory ac...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
HIGH 7.2	CVE-2026-8901	Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data_CVE-2026-8901 The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site...	plugcrux	Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More	Jun 6, 2026	CVE
HIGH 7.2	CVE-2026-8438	All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path_CVE-2026-8438 The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and incl...	davidanderson	All-In-One Security (AIOS) – Security and Firewall	Jun 6, 2026	CVE
HIGH 7.2	CVE-2026-7537	MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter_CVE-2026-7537 The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_se...	mdjm	MDJM Event Management	Jun 6, 2026	CVE
HIGH 7.8	3A0FB196-510A-	Exploit for Improper Initialization in Linux Linux_Kernel_3A0FB196-510A-59F0-AD4E-7E47BB4CD069 CVE-2022-0847 Dirty Pipe Pre-compiled exploit for CVE-2022-0847 Dirty Pipe. Original source code from haxx.in/dirtypipe. Build bash make glibc stat...	N/A	N/A	Jun 6, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2026-9290	WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter_CVE-2026-9290 The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inclu...	wpusermanager	WP User Manager – User Profile Builder & Membership	Jun 5, 2026	CVE
HIGH 7	CVE-2026-34123	Whitelist Validation Bypass in TP-Link Tapo C520WS_CVE-2026-34123 On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
HIGH 8.3	CVE-2026-11431	Path Traversal in Altium Projects Service Allows Arbitrary File Read_CVE-2026-11431 A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE
HIGH 8.3	CVE-2026-11424	Server-Side Request Forgery in Altium Platform Design GraphQL Service Allows Information Disclosure_CVE-2026-11424 A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An auth...	Altium	Altium Enterprise Server	Jun 5, 2026	CVE