HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2025-69115	WordPress LuxMed \| Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local File Inclusion vulnerability_CVE-2025-69115 Unauthenticated Local File Inclusion in LuxMed \| Medicine & Healthcare Doctor WordPress Theme	ThemeREX	LuxMed \| Medicine & Healthcare Doctor WordPress Theme n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2025-69106	WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability_CVE-2025-69106 Unauthenticated Local File Inclusion in Imba	ThemeREX	Imba n/a	Jun 17, 2026	CVE
HIGH 7.1	CVE-2025-68524	WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-68524 Unauthenticated Cross Site Scripting (XSS) in Avante < 3.0.5 versions.	ThemeGoods	Avante n/a	Jun 17, 2026	CVE
HIGH 7.8	THN:94FE03544D6...	Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development_THN:94FE03544D6E636174099B6432E3A507 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgy3ayOlDb3vsL747G9hStxxjTd3N5i2u8hegcT_hTs4RlNqylS_HyYH4mGLQEavD-QwH3G4l-p2tE5xrXoeK...	N/A	N/A	Jun 17, 2026	THN
HIGH 7.8	CVE-2026-0153	CVE-2026-0153_CVE-2026-0153 In Write of msg_to_host_buffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of...	Google	Android Android kernel	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-9570	Taskbuilder < 5.0.8 - Reflected XSS via Shortcode_CVE-2026-9570 The Taskbuilder WordPress plugin before 5.0.8 does not properly sanitise a URL parameter before echoing it into inline JavaScript on a frontend pa...	Unknown	Taskbuilder	Jun 17, 2026	CVE
HIGH 7.1	CVE-2026-8089	weMail < 2.1.3 - Reflected Cross-Site Scripting_CVE-2026-8089 The weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce WordPress plugin before 2.1.3 does not prope...	Unknown	weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-9690	WordPress WP Media folder Addon plugin <= 4.0.1 - Arbitrary File Download vulnerability_CVE-2026-9690 Unauthenticated Arbitrary File Download in WP Media folder Addon	Joomunited	WP Media folder Addon n/a	Jun 17, 2026	CVE
HIGH 7.2	CVE-2026-5667	Information Disclosure, Information Tampering, or Denial-of-Service (DoS) Vulnerability in Multiple Home Appliances_CVE-2026-5667 Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for R...	Mitsubishi Electric Corporation	Room Air Conditioners (for Japan) MSZ-BKR2223-W 42.00 and prior	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-54805	WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability_CVE-2026-54805 Subscriber Privilege Escalation in Falang multilanguage	sbouey	Falang multilanguage n/a	Jun 17, 2026	CVE