Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2026-12291

Use-after-free in the Networking: HTTP component

Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird ...

Mozilla Firefox 115.37 CVE
HIGH 7.5 CVE-2026-8050

CVE-2026-8050

In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it i...

SignalRGB SignalRGB kernel driver CVE
HIGH 8.8 CVE-2026-9860

Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action

The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including,...

vanyukov Offload, AI & Optimize with Cloudflare Images CVE
HIGH 7.6 CVE-2026-55746

Cotonti stored XSS via PFS folder title

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder tit...

Cotonti Cotonti 1.0.0 CVE
HIGH 8.1 CVE-2026-55744

Cotonti CSRF in PFS allows forced arbitrary file upload

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...

Cotonti Cotonti 1.0.0 CVE
HIGH 8.8 CVE-2026-55741

Cotonti CSRF in admin.config.php allows unauthorized configuration changes

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/a...

Cotonti Cotonti 1.0.0 CVE
HIGH 7.2 CVE-2026-11395

CF7 to Webhook <= 5.0.0 - Unauthenticated Server-Side Request Forgery via CF7 Field Placeholder in Webhook URL Host

The CF7 to Webhook plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.0 via the pull_the_t...

mariovalney CF7 to Webhook CVE
HIGH 7.1 CVE-2026-8811

Path traversal in PDF generation module

SEPPmail versions before 15.0.5 allow improper handling of attachment filenames during encrypted PDF generation. An attacker can exploit this to cr...

SEPPmail AG Secure Email Gateway CVE
HIGH 8.8 CVE-2026-8461

Heap out-of-bounds write via odd slice_height in FFmpeg MagicYUV decoder

An out-of-bounds write vulnerability in FFmpeg's libavcodec library, specifically in the MagicYUV decoder, allows denial-of-service and, in some ca...

FFmpeg FFmpeg CVE
HIGH 8.6 CVE-2026-40456

OS Command Injection in LMS

An OS Command Injection vulnerability exists in LMS (LAN Management System) before commit 9fcb4de due to an IP address parameter being passed to th...

LMS LMS CVE