MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-24575	WordPress WishList Member X plugin <= 3.29.0 - Broken Access Control vulnerability_CVE-2026-24575 Subscriber Broken Access Control in WishList Member X	WishList Member	WishList Member X n/a	Jun 17, 2026	CVE
MEDIUM 4.8	CVE-2026-12491	Vllm: vllm: image exif rotation & png trns transparency not normalized, causing mismatch between model input and expectations_CVE-2026-12491 A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image meta...	Red Hat	Red Hat AI Inference Server	Jun 17, 2026	CVE
MEDIUM 5.5	CVE-2026-40722	WordPress Yoast SEO Premium plugin <= 26.6 - Broken Access Control vulnerability_CVE-2026-40722 Missing Authorization vulnerability in Yoast BV Yoast SEO Premium allows Exploiting Incorrectly Configured Access Control Security Levels. This is...	Yoast BV	Yoast SEO Premium n/a	Jun 17, 2026	CVE
MEDIUM 4.8	CVE-2026-27870	CROSS-SITE SCRIPTING (XSS) VIA MALICIOUS FILE UPLOAD ON REGESTA SMART HD-PLC OF TELDAT_CVE-2026-27870 An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, registration action IS required) who has the ...	Teldat	Regesta Smart HD-PLC - TLDPH16D2 11.02.05.10.02	Jun 17, 2026	CVE
MEDIUM 6.9	CVE-2026-27869	WEB SERVICE (HTTP) DENIAL OF SERVICE VIA SLOW HEADERS ON REGESTA SMART HD-PLC OF TELDAT_CVE-2026-27869 An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has t...	Teldat	Regesta Smart HD-PLC - TLDPH16D2 11.02.05.10.02	Jun 17, 2026	CVE
MEDIUM 6.9	CVE-2026-27868	PUBLICATION OF SENSITIVE INFORMATION ON REGESTA SMART HD-PLC OF TELDAT_CVE-2026-27868 An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat (in this case, NO registration action is required) who has t...	Teldat	Regesta Smart HD-PLC - TLDPH16D2 11.02.05.10.02	Jun 17, 2026	CVE
MEDIUM 6.6	CVE-2026-12115	Counter Box <= 2.0.13 - Authenticated (Administrator+) PHP Object Injection via Import_CVE-2026-12115 The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions...	wpcalc	Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress	Jun 17, 2026	CVE
MEDIUM 6.4	CVE-2026-8607	myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute_CVE-2026-8607 The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cro...	saadiqbal	Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred	Jun 17, 2026	CVE
MEDIUM 6.4	CVE-2026-8494	Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title_CVE-2026-8494 The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in a...	mbis	Permalink Manager Lite	Jun 17, 2026	CVE
MEDIUM 5.8	CVE-2026-55706	CVE-2026-55706_CVE-2026-55706 sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.	OpenBSD	OpenBSD	Jun 17, 2026	CVE