HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.7	CVE-2026-12245	Denial of DNS over TLS service by any DoT client_CVE-2026-12245 NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be tri...	NLnet Labs	NSD 4.13.0	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-12244	Heap overflow and crash with crafted SVCB RR_CVE-2026-12244 If NSD is configured as secondary for a zone, the primary of that zone can crash NSD with an AXFR containing a DNS message with a special crafted S...	NLnet Labs	NSD 4.14.0	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-12937	Tourfic <= 2.22.7 - Unauthenticated SQL Injection via 'post_id' Parameter_CVE-2026-12937 The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection vi...	themefic	Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin	Jun 25, 2026	CVE
HIGH 8.1	F078596F-EF09-	Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple_F078596F-EF09-5AD1-A7D9-223B4CA40A59 CVE-2019-9053 — CMS Made Simple SQLi Exploit Python 3 Disclaimer: This tool is intended for authorized penetration testing and educational purposes...	N/A	N/A	Jun 25, 2026	GITHUBEXPLOIT
HIGH 7.8	THN:AD3AD8530F9...	Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access_THN:AD3AD8530F92B6335CE622AD7B31FDE5 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3UeGaI_Ej8KFu7-vQHTOuoohYdx04xIdI3W2B6JjCdaTSR6m-y1PAZ-aes-tH9nxtPGO2sFUiu1NwYkwT5s...	N/A	N/A	Jun 25, 2026	THN
HIGH 8.7	CVE-2026-13311	shell-quote parse() is quadratic in token count, enabling denial of service_CVE-2026-13311 shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies th...	ljharb	shell-quote	Jun 25, 2026	CVE
HIGH 8.6	CVE-2026-12053	Insertion of Sensitive Information into Log File in GitLab_CVE-2026-12053 GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user ...	GitLab	GitLab 19.1	Jun 25, 2026	CVE
HIGH 8	CVE-2026-10712	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab_CVE-2026-10712 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that un...	GitLab	GitLab 18.10	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-10086	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in GitLab_CVE-2026-10086 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under ...	GitLab	GitLab 16.4	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-12077	Dokan Pro <= 5.0.4 - Unauthenticated SQL Injection via 'latitude' and 'longitude' Parameters_CVE-2026-12077 The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the via 'latitude' and 'longitude' parameters in all versions up t...	wedevs	Dokan Pro	Jun 25, 2026	CVE