MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-2021	Slideshow Gallery LITE <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alwaysauto' Shortcode Attribute_CVE-2026-2021 The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versio...	contrid	Slideshow Gallery LITE	Jun 18, 2026	CVE
MEDIUM 5.9	CVE-2026-56007	WordPress Ocean Product Sharing plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56007 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored X...	OceanWP	Ocean Product Sharing n/a	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-44942	libzypp .repo files can have an optional path which can lead to path traversal attacks_CVE-2026-44942 A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could ...	SUSE	libzypp 17.0.0	Jun 18, 2026	CVE
MEDIUM 5.9	CVE-2026-56009	WordPress Bricksable for Bricks Builder plugin <= 1.6.83 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56009 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricksable for Bricks Builder allows Stored X...	Bricksable	Bricksable for Bricks Builder n/a	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-54221	Reflected XSS in UBB.threads_CVE-2026-54221 UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitr...	UBB Systems	UBB.threads	Jun 18, 2026	CVE
MEDIUM 5.1	CVE-2026-54219	Stored XSS in UBB.threads_CVE-2026-54219 UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low...	UBB Systems	UBB.threads	Jun 18, 2026	CVE
MEDIUM 5.2	CVE-2026-9158	CVE-2026-9158_CVE-2026-9158 In Eclipse 4diac FORTE versions 3.0.0 to 3.1.0, a specially crafted DELETE connection command to the management interface can lead to a dangling po...	Eclipse Foundation	Eclipse 4diac 3.0.0	Jun 18, 2026	CVE
MEDIUM 6.5	CVE-2026-42490	domctl lock open to abuse_CVE-2026-42490 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and man...	Xen	Xen consult Xen advisory XSA-492	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-42489	domctl lock open to abuse_CVE-2026-42489 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and man...	Xen	Xen consult Xen advisory XSA-492	Jun 18, 2026	CVE
MEDIUM 5.7	CVE-2026-12539	Docker Sandboxes ICMP egress restriction bypass after daemon restart_CVE-2026-12539 Docker Sandboxes (sbx) blocks ICMP egress with an authorizer applied only at network-creation time, and does not re-apply it to networks rebuilt fr...	Docker	Docker Sandboxes 0.14.0	Jun 18, 2026	CVE