MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-12450	CVE-2026-12450_CVE-2026-12450 Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive informatio...	Google	Chrome 149.0.7827.155	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2026-12446	CVE-2026-12446_CVE-2026-12446 Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafte...	Google	Chrome 149.0.7827.155	Jun 17, 2026	CVE
MEDIUM 5.5	CVE-2026-12444	CVE-2026-12444_CVE-2026-12444 Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive infor...	Google	Chrome 149.0.7827.155	Jun 17, 2026	CVE
MEDIUM 4.3	CVE-2025-48571	CVE-2025-48571_CVE-2025-48571 In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could...	Google	Android 17	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-8383	LearnPress < 4.3.7 - Unauthenticated Sensitive User Information Disclosure via REST API_CVE-2026-8383 The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allo...	Unknown	LearnPress	Jun 17, 2026	CVE
MEDIUM 5.9	CVE-2026-7850	WP Magnific Popup <= 1.0 - Author+ Stored XSS via href Attribute_CVE-2026-7850 The WP Magnific Popup WordPress plugin through 1.0 does not properly escape user-controlled link URLs before injecting them into the DOM when displ...	Unknown	WP Magnific Popup	Jun 17, 2026	CVE
MEDIUM 4.9	CVE-2026-41280	Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects_CVE-2026-41280 Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue aff...	Apache Software Foundation	Apache DolphinScheduler	Jun 17, 2026	CVE
MEDIUM 6.8	CVE-2026-54196	WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability_CVE-2026-54196 Subscriber Privilege Escalation in JetFormBuilder	Jetmonsters	JetFormBuilder n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-49072	WordPress WooCommerce Anti-Fraud plugin <= 7.2.6 - Broken Access Control vulnerability_CVE-2026-49072 Unauthenticated Broken Access Control in WooCommerce Anti-Fraud	OPMC	WooCommerce Anti-Fraud n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-49071	WordPress WooCommerce Dropshipping plugin <= 5.2.4 - Broken Authentication vulnerability_CVE-2026-49071 Unauthenticated Broken Authentication in WooCommerce Dropshipping	OPMC	WooCommerce Dropshipping n/a	Jun 17, 2026	CVE