Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.6 CVE-2026-12115

Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions...

wpcalc Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress CVE
MEDIUM 6.4 CVE-2026-8607

myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cro...

saadiqbal Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred CVE
MEDIUM 6.4 CVE-2026-8494

Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in a...

mbis Permalink Manager Lite CVE
MEDIUM 5.8 CVE-2026-55706

CVE-2026-55706

sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.

OpenBSD OpenBSD CVE
MEDIUM 6.8 CVE-2025-15642

Netskope Client Service Insufficient Access Controls

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with admin privileges can lead to ...

Netskope Netskope Client CVE
MEDIUM 6.8 CVE-2025-15641

Netskope Client Exposed IOCTL with Insufficient Access Controls

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can...

Netskope Netskope Client CVE
MEDIUM 4.8 CVE-2026-48783

Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription

Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and appli...

gitroomhq postiz-app < 2.21.8 CVE
MEDIUM 6.5 CVE-2026-47277

Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks

Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-s...

runtipi runtipi >= 4.9.1, < 4.10.0 CVE
MEDIUM 6.5 CVE-2026-39433

WordPress WPAMS plugin < 49.5.3 - Arbitrary Content Deletion vulnerability

Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.

mojoomla WPAMS n/a CVE
MEDIUM 5.6 CVE-2026-2604

Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus ac...

GNOME Evolution Data Server CVE