HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.2	CVE-2026-10092	Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments_CVE-2026-10092 The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all...	nicashmu	Cincopa video and media plug-in	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10091	Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting_CVE-2026-10091 The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up ...	cgarvey	Email JavaScript Cloak	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-7761	Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure_CVE-2026-7761 The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2...	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Jun 24, 2026	CVE
HIGH 7.6	CVE-2026-56052	WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability_CVE-2026-56052 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows ...	FunnelKit	Funnel Builder by FunnelKit n/a	Jun 24, 2026	CVE
HIGH 8.8	5CCE7939-1019-	Exploit for CVE-2026-8461_5CCE7939-1019-5F8F-A1B9-EA7B129C8C99 CVE-2026-8461 "PixelSmash" — FFmpeg MagicYUV Heap OOB Write PoC !WARNING This repository contains a working exploit PoC for a heap corruption vulne...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 8.6	THN:881DB7D7759...	Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root_THN:881DB7D77599D527FA15CA26FD8CBC33 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivauBSNOsDqBHvUFSnF1NdlWJ8BAt2JVgIo_ZUQhBkVppSz0PvkEmrc9RP1hMf2-oFFRgr5PNm7pxLmPngAJ...	N/A	N/A	Jun 24, 2026	THN
HIGH 7.2	CVE-2026-3652	ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter_CVE-2026-3652 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX...	n/a	ARforms	Jun 24, 2026	CVE
HIGH 8.9	CVE-2026-12681	CVE-2026-12681_CVE-2026-12681 Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advan...	Google	go-attestation	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-7574	Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use_CVE-2026-7574 Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) val...	Anthropic	Claude Desktop Cowork 1.1348.0	Jun 23, 2026	CVE
HIGH 7.2	CVE-2026-5818	MCU Firmware Update Authentication Bypass on Caliptra Core_CVE-2026-5818 Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Cor...	Caliptra	Core Runtime Firmware 2.0.0	Jun 23, 2026	CVE