HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	CVE-2026-11878	Reflected Cross-Site Scripting vulnerability in OpenText Access Manager_CVE-2026-11878 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText Access Manager allows Cross-Site Scr...	OpenText	Access Manager 5.1	Jun 24, 2026	CVE
HIGH 8.3	CVE-2026-56111	Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler_CVE-2026-56111 Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability ...	MarlinFirmware	Marlin	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-55488	motionEye’s Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read_CVE-2026-55488 motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versi...	motioneye-project	motioneye < 0.44.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-9710	Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure_CVE-2026-9710 The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-9709	Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure_CVE-2026-9709 The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10749	Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData_CVE-2026-10749 The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied seria...	Unknown	Post Duplicator	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-10735	ShapedPlugin Multiple Pro Plugins – Backdoor via Compromised Vendor Update Server_CVE-2026-10735 Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommer...	Unknown	smart-post-show-pro 4.0.1	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-56270	Flowise – Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint_CVE-2026-56270 Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows ...	Flowise	Flowise	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-56257	Capgo – Authorization Bypass in App Ownership Transfer via Direct PostgREST Update_CVE-2026-56257 Capgo before 12.128.2 allows direct patching of public.apps.owner_org through PostgREST, bypassing the transfer_app() workflow and creating split-b...	Capgo	Capgo	Jun 24, 2026	CVE
HIGH 7.1	CVE-2026-56256	Capgo – Two-Factor Authentication Bypass via Organization Management API_CVE-2026-56256 Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g...	Capgo	Capgo	Jun 24, 2026	CVE