HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.4	CVE-2026-10973	CVE-2026-10973_CVE-2026-10973 Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chr...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
HIGH 7.4	CVE-2026-10968	CVE-2026-10968_CVE-2026-10968 Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-10966	CVE-2026-10966_CVE-2026-10966 Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape vi...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
HIGH 8.8	CVE-2026-10955	CVE-2026-10955_CVE-2026-10955 Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory ac...	Google	Chrome 149.0.7827.53	Jun 4, 2026	CVE
HIGH 7.2	CVE-2026-8901	Integration for Freshsales <= 1.0.15 - Unauthenticated Stored Cross-Site Scripting via Form Submission Data_CVE-2026-8901 The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site...	plugcrux	Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More	Jun 6, 2026	CVE
HIGH 7.2	CVE-2026-8438	All-In-One Security (AIOS) <= 5.4.7 - Unauthenticated Stored Cross-Site Scripting via REST API Request Path_CVE-2026-8438 The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and incl...	davidanderson	All-In-One Security (AIOS) – Security and Firewall	Jun 6, 2026	CVE
HIGH 7.2	CVE-2026-7537	MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter_CVE-2026-7537 The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_se...	mdjm	MDJM Event Management	Jun 6, 2026	CVE
HIGH 7.8	3A0FB196-510A-	Exploit for Improper Initialization in Linux Linux_Kernel_3A0FB196-510A-59F0-AD4E-7E47BB4CD069 CVE-2022-0847 Dirty Pipe Pre-compiled exploit for CVE-2022-0847 Dirty Pipe. Original source code from haxx.in/dirtypipe. Build bash make glibc stat...	N/A	N/A	Jun 6, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2026-9290	WP User Manager <= 2.9.17 - Unauthenticated Path Traversal to Local File Inclusion via 'tab' Query Parameter_CVE-2026-9290 The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and inclu...	wpusermanager	WP User Manager – User Profile Builder & Membership	Jun 5, 2026	CVE
HIGH 7	CVE-2026-34123	Whitelist Validation Bypass in TP-Link Tapo C520WS_CVE-2026-34123 On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE