MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.5	CVE-2025-55641	CVE-2025-55641_CVE-2025-55641 A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial ...	n/a	n/a n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-49775	WordPress Welcart e-Commerce plugin <= 2.11.28 - Broken Access Control vulnerability_CVE-2026-49775 Unauthenticated Broken Access Control in Welcart e-Commerce	info@welcart	Welcart e-Commerce n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-49773	WordPress FV Flowplayer Video Player plugin < 7.5.51.7212 - Cross Site Scripting (XSS) vulnerability_CVE-2026-49773 Subscriber Cross Site Scripting (XSS) in FV Flowplayer Video Player < 7.5.51.7212 versions.	FolioVision	FV Flowplayer Video Player n/a	Jun 15, 2026	CVE
MEDIUM 4.7	CVE-2026-49043	WordPress WP Migrate Lite plugin <= 2.7.8 - Cross Site Request Forgery (CSRF) vulnerability_CVE-2026-49043 Unauthenticated Cross Site Request Forgery (CSRF) in WP Migrate Lite	WP Engine	WP Migrate Lite n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48965	WordPress XCloner plugin <= 4.8.6 - Sensitive Data Exposure vulnerability_CVE-2026-48965 Subscriber Sensitive Data Exposure in XCloner	watchful	XCloner n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48887	WordPress JS Help Desk plugin <= 3.0.9 - Broken Access Control vulnerability_CVE-2026-48887 Unauthenticated Broken Access Control in JS Help Desk	Ahmad	JS Help Desk n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48880	WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48880 Subscriber Cross Site Scripting (XSS) in WP Job Portal	Ahmad	WP Job Portal n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48878	WordPress Visual Link Preview plugin <= 2.4.1 - Sensitive Data Exposure vulnerability_CVE-2026-48878 Subscriber Sensitive Data Exposure in Visual Link Preview	Bootstrapped Ventures	Visual Link Preview n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-48870	WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability_CVE-2026-48870 Subscriber Cross Site Scripting (XSS) in King Addons for Elementor	King Addons	King Addons for Elementor n/a	Jun 15, 2026	CVE
MEDIUM 4.3	CVE-2026-48518	MultiJuicer: Login CSRF allows attacker to force victims into their team_CVE-2026-48518 MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 th...	juice-shop	multi-juicer >= 8.0.0, < 10.0.1	Jun 15, 2026	CVE