MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-10824	Masteriyo LMS < 2.2.1 - Unauthenticated Course Progress Disclosure and Deletion_CVE-2026-10824 The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthent...	Unknown	Masteriyo LMS	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-40211	Denial of service via crafted DoH3 queries_CVE-2026-40211 An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer wil...	PowerDNS	DNSdist 1.9.0	Jun 25, 2026	CVE
MEDIUM 4.8	CVE-2026-40210	Out-of-bounds read in SetMacAddrAction_CVE-2026-40210 An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a cr...	PowerDNS	DNSdist 1.9.0	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-40209	Denial of service via IXFR queries_CVE-2026-40209 An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by...	PowerDNS	DNSdist 1.9.0	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-57619	WordPress Elementor Website Builder plugin <= 4.1.3 - Sensitive Data Exposure vulnerability_CVE-2026-57619 Contributor Sensitive Data Exposure in Elementor Website Builder	Elementor	Elementor Website Builder n/a	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-57429	WordPress Slim SEO plugin <= 4.6.2 - Broken Access Control vulnerability_CVE-2026-57429 Contributor Broken Access Control in Slim SEO	eLightUp	Slim SEO n/a	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-56050	WordPress PPOM for WooCommerce plugin <= 33.0.18 - Broken Access Control vulnerability_CVE-2026-56050 Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. T...	Themeisle	PPOM for WooCommerce n/a	Jun 25, 2026	CVE
MEDIUM 5.4	CVE-2026-56023	WordPress UPI QR Code Payment Gateway for WooCommerce plugin <= 1.6.2 - Broken Access Control vulnerability_CVE-2026-56023 Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce	Knit Pay	UPI QR Code Payment Gateway for WooCommerce n/a	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-56013	WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-56013 Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce	myCred	License Manager for WooCommerce n/a	Jun 25, 2026	CVE
MEDIUM 5.9	CVE-2026-52690	Spoofed answers can mark an authoritative non-EDNS capable_CVE-2026-52690 Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by tha...	PowerDNS	Recursor 5.2.0	Jun 25, 2026	CVE