HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-12439	CVE-2026-12439_CVE-2026-12439 Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via...	Google	Chrome 149.0.7827.155	Jun 17, 2026	CVE
HIGH 8.3	CVE-2026-12438	CVE-2026-12438_CVE-2026-12438 Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the rende...	Google	Chrome 149.0.7827.155	Jun 17, 2026	CVE
HIGH 8.3	CVE-2026-12437	CVE-2026-12437_CVE-2026-12437 Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process t...	Google	Chrome 149.0.7827.155	Jun 17, 2026	CVE
HIGH 8.4	CVE-2026-11858	Missing authorization in Quanos SCHEMA ST4 Client Update Service allows arbitrary file overwrite as SYSTEM_CVE-2026-11858 Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHO...	Quanos Solutions GmbH	SCHEMA ST4 SCHEMA ST4 on-premises, all versions	Jun 17, 2026	CVE
HIGH 8.4	CVE-2026-11857	Insecure .NET Remoting deserialization in Quanos SCHEMA ST4 Client Update Service allows local privilege escalation_CVE-2026-11857 Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in t...	Quanos Solutions GmbH	SCHEMA ST4 SCHEMA ST4 on-premises, all versions	Jun 17, 2026	CVE
HIGH 7.1	CVE-2025-31013	WordPress Themify Folo theme <= 1.9.6 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2025-31013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Folo allows Reflected XSS. This issu...	Themify	Themify Folo n/a	Jun 17, 2026	CVE
HIGH 8.3	CVE-2026-9591	Cross-Site Request Forgery (CSRF) in SimplCommerce News Module_CVE-2026-9591 Cross-site request forgery (CSRF) in NewsItemApiController in SimplCommerce prior to commit 6233d73e allows an unauthenticated remote attacker to c...	simplcommerce	SimplCommerce	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-55738	Stack Buffer Overflow in rxi/microtar raw_to_header() via non-null-terminated TAR name field_CVE-2026-55738 A stack-based buffer overflow exists in the raw_to_header() function in src/microtar.c in rxi microtar 0.1.0. The function copies the 100-byte name...	rxi	microtar 0.1.0	Jun 17, 2026	CVE
HIGH 8.5	CVE-2026-54818	WordPress Slimstat Analytics plugin <= 5.4.11 - SQL Injection vulnerability_CVE-2026-54818 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs Slimstat Analytics allows Blind SQ...	VeronaLabs	Slimstat Analytics n/a	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-54816	WordPress Advanced Ads plugin <= 2.0.21 - Remote Code Execution (RCE) vulnerability_CVE-2026-54816 Improper Control of Generation of Code ('Code Injection') vulnerability in Monetizemore Advanced Ads allows Remote Code Inclusion. This issue affe...	Monetizemore	Advanced Ads n/a	Jun 17, 2026	CVE