MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-11406	GL.iNet MT3000 OpenVPN Client Import Workflow ovpnclient.sh command injection_CVE-2026-11406 A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component Op...	GL.iNet	MT3000 4.4.0	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-11408	vertex-app vertex Log Viewer Endpoint LogMod.js os command injection_CVE-2026-11408 A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of...	vertex-app	vertex 2026.02.0	Jun 6, 2026	CVE
MEDIUM 6.5	CVE-2026-9829	Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter_CVE-2026-9829 The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_...	10web	Photo Gallery by 10Web – Mobile-Friendly Image Gallery	Jun 6, 2026	CVE
MEDIUM 4.4	CVE-2026-9594	WP Maps <= 4.9.4 - Authenticated (Admin+) Stored Cross-Site Scripting via 'location_messages' Parameter_CVE-2026-9594 The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Sc...	flippercode	WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-9016	Debug Log Manager <= 2.5.0 - Unauthenticated Improper Output Neutralization for Logs via log_js_errors AJAX Action_CVE-2026-9016 The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in al...	qriouslad	Debug Log Manager – Conveniently Monitor and Inspect Errors	Jun 6, 2026	CVE
MEDIUM 5.3	CVE-2026-8839	MapPress Maps for WordPress <= 2.96.6 - Unauthenticated Insecure Direct Object Reference via REST API Endpoints_CVE-2026-8839 The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and i...	chrisvrichardson	MapPress Maps for WordPress	Jun 6, 2026	CVE
MEDIUM 4.3	CVE-2026-8611	Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter_CVE-2026-8611 The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4...	klamra22	Klamra Paycal for Aspaclaria	Jun 6, 2026	CVE
MEDIUM 4.3	CVE-2026-7624	SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations_CVE-2026-7624 The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is du...	cifi	SEO Plugin by Squirrly SEO	Jun 6, 2026	CVE
MEDIUM 6.5	MS:CVE-2026-10981	Chromium: CVE-2026-10981 Insufficient validation of untrusted input in Codecs_MS:CVE-2026-10981 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 5, 2026	MSCVE
MEDIUM 6.5	MS:CVE-2026-11194	Chromium: CVE-2026-11194 Inappropriate implementation in Network_MS:CVE-2026-11194 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 5, 2026	MSCVE