HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-10083	APCu Manager < 4.5.0 - Unauthenticated Stored XSS via Cache Key Pollution_CVE-2026-10083 The APCu Manager WordPress plugin before 4.5.0 does not escape APCu object-cache keys before rendering them in an admin-area page, leading to a Sto...	Unknown	APCu Manager	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-13564	Edimax EW-7478APC POST Request formPPPoESetup stack-based overflow_CVE-2026-13564 A vulnerability was found in Edimax EW-7478APC 1.04. Affected is the function formPPPoESetup of the file /goform/formPPPoESetup of the component PO...	Edimax	EW-7478APC 1.04	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-13563	Edimax EW-7478APC POST Request formL2TPSetup stack-based overflow_CVE-2026-13563 A vulnerability has been found in Edimax EW-7478APC 1.04. This impacts the function formL2TPSetup of the file /goform/formL2TPSetup of the componen...	Edimax	EW-7478APC 1.04	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-13562	Edimax EW-7478APC POST Request formiNICSiteSurvey buffer overflow_CVE-2026-13562 A flaw has been found in Edimax EW-7478APC 1.04. This affects the function formiNICSiteSurvey of the file /goform/formiNICSiteSurvey of the compone...	Edimax	EW-7478APC 1.04	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57346	WordPress Embed Privacy plugin <= 1.12.3 - Arbitrary File Deletion vulnerability_CVE-2026-57346 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal. This ...	Epiphyt	Embed Privacy n/a	Jun 29, 2026	CVE
HIGH 8.8	CVE-2026-25707	Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp_CVE-2026-25707 A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying re...	SUSE	libzypp	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-13601	Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications_CVE-2026-13601 A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak applica...	Red Hat	Red Hat Enterprise Linux 10	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-13539	Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_407504 stack-based overflow_CVE-2026-13539 A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the function sub_407504 of the file /cgi-bin/wireless...	Wavlink	WL-NU516U1-A M16U1_V240425	Jun 29, 2026	CVE
HIGH 8.3	CVE-2025-2902	Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform_CVE-2025-2902 Improper Authorization Vulnerability of Maintenance Utility in Hitachi Virtual Storage Platform. This issue affects Hitachi Virtual Storage Platfo...	Hitachi	Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H	Jun 29, 2026	CVE
HIGH 7.3	CVE-2026-22078	O+ Connect’s lack of authentication for IPC channels led to a local privilege escalation vulnerability._CVE-2026-22078 Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through...	OPPO	O+ Connect 16.0.33	Jun 29, 2026	CVE