MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.4	CVE-2026-10093	File Sharing & Download Manager <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'fldr_ttl' Parameter_CVE-2026-10093 The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' param...	deepakkite	Secure Client Portal and Private File Sharing Plugin – User Private Files	Jun 16, 2026	CVE
MEDIUM 6.5	THN:4C575B5BB9B...	Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw_THN:4C575B5BB9BB1889D35E1074597EB347 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-vJIadGle0Cre1cNAxZIcD9ktkl1mPnUwtEtF1xuMbeH75BnvGq3twL0W2OowYW7ZZMxvzMjdbU-VMEZfEv...	N/A	N/A	Jun 16, 2026	THN
MEDIUM 5.3	CVE-2026-6964	Video Conferencing with Zoom <= 4.6.7 - Missing Authorization to Unauthenticated Zoom SDK Credential Exposure via 'get_auth' AJAX Action_CVE-2026-6964 The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is du...	j_3rk	Video Conferencing with Zoom	Jun 16, 2026	CVE
MEDIUM 5.3	CVE-2026-9187	Abandoned Contact Form 7 <= 2.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion via 'recover_id' Parameter_CVE-2026-9187 The Abandoned Contact Form 7 plugin for WordPress is vulnerable to unauthorized arbitrary post deletion in versions up to, and including, 2.2. This...	zealopensource	Abandoned Contact Form 7	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-5149	RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter_CVE-2026-5149 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submiss...	rometheme	RTMKit	Jun 16, 2026	CVE
MEDIUM 6.7	CVE-2026-50255	CVE-2026-50255_CVE-2026-50255 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbi...	Sony Corporation	Optical Disc Archive Software for Windows 5.5.3 and earlier	Jun 16, 2026	CVE
MEDIUM 4.3	CVE-2026-10780	Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute_CVE-2026-10780 The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to t...	mohammadtanzilurrahman	Static Block	Jun 16, 2026	CVE
MEDIUM 6.3	CVE-2026-10635	Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init_CVE-2026-10635 On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_dom...	zephyrproject	zephyr 4.4.0	Jun 16, 2026	CVE
MEDIUM 6.6	CVE-2026-42014	Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin_CVE-2026-42014 A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vu...	Red Hat	Red Hat Enterprise Linux 10 0:3.8.10-4.el10_2	Jun 16, 2026	CVE
MEDIUM 5.6	CVE-2026-1767	Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags_CVE-2026-1767 A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker cou...	Red Hat	Red Hat Enterprise Linux 10	Jun 16, 2026	CVE