HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	6210915C-9723-	Exploit for XML Injection (aka Blind XPath Injection) in Samlify_Project Samlify_6210915C-9723-542E-AAB3-1FFADF0E92C4 CVE-2026-46490 — samlify SAML AttributeValue XML Injection → Privilege Escalation samlify contexts. A user-controlled value e.g. email / name place...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
HIGH 7.3	CVE-2026-8864	HP Fan Control App – Potential Escalation of Privilege_CVE-2026-8864 The HP Fan Control App might allow local escalation of privileges. An updated version of HP Fan Control App has been released to mit...	HP Inc.	HP Fan Control App	Jun 30, 2026	CVE
HIGH 8.1	CVE-2026-58377	JeecgBoot 3.9.2 – Missing Authorization on OpenAPI Credential Management Endpoints Exposes Access/Secret Keys_CVE-2026-58377 JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, ...	jeecgboot	JeecgBoot	Jun 30, 2026	CVE
HIGH 7.6	CVE-2026-58376	Dolibarr – SQL Injection via sqlfilters Parameter in Multiple REST API List Endpoints_CVE-2026-58376 Dolibarr through 23.0.3, fixed in commit 14db36e, contains a sql injection vulnerability that allows authenticated API users to exfiltrate arbitrar...	Dolibarr	dolibarr	Jun 30, 2026	CVE
HIGH 7.2	CVE-2026-10513	Webmention <= 5.8.0 - Unauthenticated Stored Cross-Site Scripting via MF2 'photo'/'url' Author Properties_CVE-2026-10513 The Webmention plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.8.0 via parser-derived 'avatar' ...	pfefferle	Webmention	Jun 30, 2026	CVE
HIGH 8.8	28C8120C-CE6C-	Exploit for Write-what-where Condition in Linux Linux_Kernel_28C8120C-CE6C-515B-80F8-7917AC287FB6 CVE-KERNEL · Linux Kernel LPE Chain Multi-CVE Local Privilege Escalation chain for Linux kernel vulnerabilities uid=1000 → root via xfrm-ESP, RxRPC...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
HIGH 7.5	CVE-2026-43707	CVE-2026-43707_CVE-2026-43707 A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Ta...	Apple	Safari	Jun 29, 2026	CVE
HIGH 8.6	CVE-2026-11590	WP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated SQL Injection via filter[elements] Array Keys_CVE-2026-11590 The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sanitize user-supplied array keys before using them in a SQL s...	Unknown	WP Support Plus Responsive Ticket System	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-54475	Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Temporary destination ownership takeover_CVE-2026-54475 Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destination...	Apache Software Foundation	Apache ActiveMQ Broker	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-53917	Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker: Unbounded memory allocation in OpenWire property unmarshalling_CVE-2026-53917 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Client, Apache ActiveMQ Broker. ...	Apache Software Foundation	Apache ActiveMQ	Jun 30, 2026	CVE