MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-8386	WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Marker ID_CVE-2026-8386 The WP Go Maps WordPress plugin before 10.0.10 does not perform any approval-state filtering on its public single-marker REST endpoint, allowing u...	Unknown	WP Go Maps	Jun 15, 2026	CVE
MEDIUM 5.4	CVE-2026-9278	Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure_CVE-2026-9278 The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of ...	Unknown	Form Builder CP	Jun 15, 2026	CVE
MEDIUM 5.3	CVE-2026-9595	webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies_CVE-2026-9595 Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR W...	webpack-dev-server	webpack-dev-server	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-8683	Overly long URLs crash the Mattermost Desktop App_CVE-2026-8683 Mattermost Desktop App versions	Mattermost	Mattermost	Jun 15, 2026	CVE
MEDIUM 5.3	CVE-2026-5038	multer vulnerable to Denial of Service via incomplete cleanup of aborted uploads_CVE-2026-5038 Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malf...	multer	multer 2.0.0-alpha.1	Jun 15, 2026	CVE
MEDIUM 4.8	CVE-2026-10634	Use-after-free in Zephyr native TCP net_tcp_foreach() due to dropping tcp_lock during the callback_CVE-2026-10634 Zephyr's native TCP stack iterates the global connection list in net_tcp_foreach() (subsys/net/ip/tcp.c) using the SYS_SLIST_FOR_EACH_CONTAINER_SAF...	zephyrproject	zephyr 2.5.0	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2025-15659	WordPress Elizaibots plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability_CVE-2025-15659 Contributor Cross Site Scripting (XSS) in Elizaibots	liseperu	Elizaibots n/a	Jun 15, 2026	CVE
MEDIUM 5.9	CVE-2025-15658	WordPress WP Emmet plugin <= 0.3.4 - Cross Site Scripting (XSS) vulnerability_CVE-2025-15658 Administrator Cross Site Scripting (XSS) in WP Emmet	rewish	WP Emmet n/a	Jun 15, 2026	CVE
MEDIUM 5.3	CVE-2026-8385	WP Go Maps < 10.0.10 - Unauthenticated Sensitive Information Disclosure via Datatables AJAX Fallback_CVE-2026-8385 The WP Go Maps WordPress plugin before 10.0.10 does not properly enforce the marker approval filter on the admin-ajax fallback for its datatables ...	Unknown	WP Go Maps	Jun 15, 2026	CVE
MEDIUM 6.3	CVE-2026-6517	Mattermost Desktop App fails to restrict the allow list of domains which NTLM credentials are passed_CVE-2026-6517 Mattermost Desktop App versions	Mattermost	Mattermost	Jun 15, 2026	CVE