HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-13676	fast-uri vulnerable to host confusion via failed IDN canonicalization_CVE-2026-13676 fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a ...	fast-uri	fast-uri 4.0.0	Jun 29, 2026	CVE
HIGH 8.6	CVE-2026-13165	Remote Code Execution in SzafirHost_CVE-2026-13165 SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries wit...	Krajowa Izba Rozliczeniowa	SzafirHost	Jun 29, 2026	CVE
HIGH 8.8	CVE-2026-12856	Vscode-java: vscode: command injection vulnerability in the javadoc hover provider of the vscode-java extension_CVE-2026-12856 A flaw was found in the vscode-java extension, which provides Java language support for Visual Studio Code. The extension incorrectly trusts all Ma...	Red Hat	Red Hat OpenShift Dev Spaces	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57338	WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-57338 Unauthenticated Cross Site Scripting (XSS) in ARForms	Repute InfoSystems	ARForms n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57337	WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57337 Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder	PluginOps	Landing Page Builder n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57336	WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57336 Unauthenticated Cross Site Scripting (XSS) in Jobify	Astoundify	Jobify n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57333	WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-57333 Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free	Spencer Haws	Link Whisper Free n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57332	WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability_CVE-2026-57332 Subscriber Broken Access Control in Wallet System for WooCommerce	WP Swings	Wallet System for WooCommerce n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57320	WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57320 Unauthenticated Cross Site Scripting (XSS) in BEAR	RealMag777	BEAR n/a	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-56124	phpUploader < 2.0.2 Unauthenticated Database Exposure via index model_CVE-2026-56124 phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents ...	shimosyan	phpUploader	Jun 29, 2026	CVE