MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-6292	MP Customize Login Page <= 1.0 - Cross-Site Request Forgery to Settings Update_CVE-2026-6292 The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to and including 1.0. This i...	manuelpadillac	MP Customize Login Page	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-12094	Advanced Contact Form 7 <= 1.0.0 - Missing Authorization to Unauthenticated Arbitrary Contact Form Submission Deletion via 'form_id' Parameter_CVE-2026-12094 The Advanced Contact Form 7 - Compact DB plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on t...	iamranit	Advanced Contact Form 7 – Compact DB	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-11997	Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update_CVE-2026-11997 The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or ...	seo_tools	Bulk SEO Image	Jun 24, 2026	CVE
MEDIUM 6.4	CVE-2026-11370	WP Meta SEO <= 4.5.18 - Authenticated (Contributor+) Server-Side Request Forgery via 'new_link' Parameter_CVE-2026-11370 The WP Meta SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.5.18 via the 'new_link' p...	joomunited	WP Meta SEO	Jun 24, 2026	CVE
MEDIUM 4.3	CVE-2026-10552	Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter_CVE-2026-10552 The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or ...	jotis	Blue Captcha	Jun 24, 2026	CVE
MEDIUM 6.5	CVE-2026-9539	libslirp TCP URG OOB Read Information Leak_CVE-2026-9539 An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on h...	freedesktop.org	libslirp	Jun 24, 2026	CVE
MEDIUM 6.2	CVE-2026-12488	GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability_CVE-2026-12488 A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can l...	GeoVision Inc.	GeoVision V20.0.2	Jun 24, 2026	CVE
MEDIUM 6.4	CVE-2026-11614	Xpro Addons <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via 'custom_attributes' Parameter of Multiple Widgets_CVE-2026-11614 The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attributes' paramete...	xpro	Xpro Addons — 140+ Widgets for Elementor	Jun 24, 2026	CVE
MEDIUM 6.7	37C50661-A878-	kev-investigator_37C50661-A878-507B-9377-0F99874BB5CE KEV Investigator An automated investigation draft generator for CISA's Known Exploited Vulnerabilities KEV catalog — built to remove the repetitive...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
MEDIUM 5.1	CVE-2026-6458	AES-256-GCM Authentication Tag Does Not Cover First Ciphertext Blocks When AAD Is Empty_CVE-2026-6458 Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming...	Caliptra	Core Runtime Firmware 2.0.0	Jun 23, 2026	CVE