Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.2 CVE-2026-10749

Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData_CVE-2026-10749

The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied seria...

Unknown Post Duplicator CVE
HIGH 7.5 CVE-2026-10735

ShapedPlugin Multiple Pro Plugins – Backdoor via Compromised Vendor Update Server_CVE-2026-10735

Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommer...

Unknown smart-post-show-pro 4.0.1 CVE
HIGH 8.7 CVE-2026-56270

Flowise – Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint_CVE-2026-56270

Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows ...

Flowise Flowise CVE
HIGH 7.1 CVE-2026-56257

Capgo – Authorization Bypass in App Ownership Transfer via Direct PostgREST Update_CVE-2026-56257

Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-b...

Capgo Capgo CVE
HIGH 7.1 CVE-2026-56256

Capgo – Two-Factor Authentication Bypass via Organization Management API_CVE-2026-56256

Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g...

Capgo Capgo CVE
HIGH 8.8 CVE-2026-56245

Supabase Capgo – Unauthenticated Cross-Tenant Build-Time Accounting Poisoning via record_build_time RPC_CVE-2026-56245

Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows un...

Cap-go capgo CVE
HIGH 7.1 CVE-2026-56244

Capgo – Webhook Signing Secret Disclosure via Non-Admin API Key_CVE-2026-56244

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies o...

Capgo Capgo CVE
HIGH 8.7 CVE-2026-56232

Capgo – Subkey Scope Bypass in middlewareKey via x-limited-key-id Header_CVE-2026-56232

Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewar...

Capgo Capgo CVE
HIGH 7.2 CVE-2026-56231

Capgo – Broken Object Level Authorization in Build Job Control via jobId Parameter_CVE-2026-56231

Capgo before 12.128.2 contains a broken object level authorization (BOLA) vulnerability in the POST /build/start/:jobId and POST /build/cancel/:job...

Capgo Capgo CVE
HIGH 10 671F5C5A-5DF1-

Exploit for Improper Authentication in Dahuasecurity Ipc-Hum7Xxx_Firmware_671F5C5A-5DF1-5396-BCA3-038841185E26

Simulated exploitation of Dahua Authentication Bypass PoC CVE-2021-33044 Overview Dahua IP cameras are IoT devices commonly used in systems...

N/A N/A GITHUBEXPLOIT