HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-12225	syracom Secure Login (2FA) for Confluence allows 2FA bypass via spoofed User-Agent_CVE-2026-12225 syracom AG Secure Login (2FA) for Atlassian Jira, Confluence, and Bitbucket 3.4.0.x contains an authentication bypass vulnerability. An attacker wi...	syracom AG	Secure Login (2FA) for Jira 3.4.0.0	Jun 16, 2026	CVE
HIGH 8.6	CVE-2026-10829	CVE-2026-10829_CVE-2026-10829 A stack-based buffer overflow vulnerability has been found in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and earlier. This vulnerability stem...	Moxa	NPort W2150A-W4/W2250A-W4 Series 1.0	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-8442	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter_CVE-2026-8442 The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missi...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-8176	LatePoint <= 5.5.1 - Authenticated (Agent+) Privilege Escalation to Administrator via IDOR in OsOrdersController::create_or_update + Unauthenticated Customer-Cabinet Password Reset_CVE-2026-8176 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation to Administrator in ...	latepoint	LatePoint – Calendar Booking Plugin for Appointments and Events	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-5416	Command Injection via name parameter_CVE-2026-5416 Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vu...	TURCK	TBEN-LL-SE-M2 0.0.0	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-54198	WordPress Media LIbrary Assistant plugin <= 3.35 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-54198 Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant	David Lingren	Media LIbrary Assistant n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-54191	WordPress Pods plugin <= 3.3.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-54191 Unauthenticated Cross Site Scripting (XSS) in Pods	Pods Framework	Pods n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-52714	WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Broken Access Control vulnerability_CVE-2026-52714 Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO	SEO Squirrly	SEO Plugin by Squirrly SEO n/a	Jun 16, 2026	CVE
HIGH 7.6	CVE-2026-52712	WordPress Attendance Manager plugin <= 0.6.2 - SQL Injection vulnerability_CVE-2026-52712 Subscriber SQL Injection in Attendance Manager	tnomi	Attendance Manager n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-52711	WordPress WooCommerce POS plugin <= 1.8.14 - Broken Access Control vulnerability_CVE-2026-52711 Unauthenticated Broken Access Control in WooCommerce POS	kilbot	WooCommerce POS n/a	Jun 16, 2026	CVE