Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.5 CVE-2026-50034

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including gl...

Apollo Pharmacy Blood Glucose Monitoring System (Model No. APG-01 BT) 0x0110_v1.1.0 CVE
MEDIUM 4.3 CVE-2026-12050

pgAdmin 4: SQL injection in named restore point endpoint

SQL injection in pgAdmin 4's named restore point endpoint (POST /browser/server/restore_point/{gid}/{sid}). The user-supplied 'value' field was int...

pgadmin.org pgAdmin 4 1.0 CVE
MEDIUM 4.3 CVE-2026-12049

pgAdmin 4: Open redirect in multi-factor authentication flow via unvalidated ‘next’ parameter

Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register endpoints honoured the user-supplied 'next' query/form...

pgadmin.org pgAdmin 4 6.0 CVE
MEDIUM 4.3 CVE-2026-11775

User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery

The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due...

adamsilverstein User Admin Simplifier CVE
MEDIUM 6.9 CVE-2026-56132

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled...

libexpat project libexpat CVE
MEDIUM 4.9 CVE-2026-56131

CVE-2026-56131

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a ...

libexpat project libexpat CVE
MEDIUM 4.3 CVE-2026-10779

Classified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)

The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and...

techlabpro1 Classified Listing – AI-Powered Classified ads & Business Directory CVE
MEDIUM 4.3 CVE-2026-9013

Bogo <= 3.9.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via REST API

The Bogo plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.1 via the bogo_rest_create_...

rocklobsterinc Bogo CVE
MEDIUM 6.5 CVE-2026-8118

Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 – 1.7.1059 – Authenticated (Contributor+) Arbitrary File Read via Data Table Widget CSV File Source

The Royal Addons for Elementor – Addons and Templates Kit for Elementor plugin for WordPress is vulnerable to Arbitrary File Read in versions 1.7.1...

wproyal Royal Addons for Elementor – Addons and Templates Kit for Elementor 1.7.1058 CVE
MEDIUM 4.9 CVE-2026-7547

Woosa <= 2.0.5 - Authenticated (Administrator+) Arbitrary File Read via 'log_file' Parameter

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and includin...

teamwsa Woosa – Marktplaats for WooCommerce CVE