CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.5	CVE-2026-54813	WordPress SureDash plugin <= 1.8.0 - SQL Injection vulnerability_CVE-2026-54813 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brainstorm Force SureDash allows Blind SQL In...	Brainstorm Force	SureDash n/a	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-54809	WordPress GIFT4U plugin <= 1.0.10 - SQL Injection vulnerability_CVE-2026-54809 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection....	VillaTheme	GIFT4U n/a	Jun 17, 2026	CVE
CRITICAL 9.3	CVE-2026-54808	WordPress WP Travel Gutenberg Blocks plugin <= 3.9.4 - SQL Injection vulnerability_CVE-2026-54808 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel Gutenberg Blocks allows B...	WP Travel	WP Travel Gutenberg Blocks n/a	Jun 17, 2026	CVE
HIGH 7.5	CVE-2026-54417	Integer Overflow in rxi/microtar mtar_next() Causes Infinite Loop DoS_CVE-2026-54417 An integer overflow in the mtar_next() function in src/microtar.c in rxi microtar 0.1.0 allows a remote attacker to cause a denial of service (unco...	rxi	microtar 0.1.0	Jun 17, 2026	CVE
HIGH 7.7	CVE-2026-54193	WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability_CVE-2026-54193 Contributor Arbitrary File Deletion in Fusion Builder	ThemeFusion	Fusion Builder n/a	Jun 17, 2026	CVE
MEDIUM 6.5	CVE-2026-52716	WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability_CVE-2026-52716 Unauthenticated Arbitrary File Deletion in WorkScout-Core	purethemes	WorkScout-Core n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-52707	WordPress Kastell theme <= 2.0 - Local File Inclusion vulnerability_CVE-2026-52707 Unauthenticated Local File Inclusion in Kastell	Mikado-Themes	Kastell n/a	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-49268	Apache Shiro: LDAP DN Injection in DefaultLdapRealm_CVE-2026-49268 A remote attacker can inject LDAP special characters into the Distinguished Name (DN) construction in DefaultLdapRealm class. User-supplied usernam...	Apache Software Foundation	Apache Shiro	Jun 17, 2026	CVE
CRITICAL 9.8	CVE-2026-49108	WordPress Moderno theme < 1.43 - PHP Object Injection vulnerability_CVE-2026-49108 Unauthenticated PHP Object Injection in Moderno < 1.43 versions.	park_of_ideas	Moderno n/a	Jun 17, 2026	CVE
HIGH 8.1	CVE-2026-40757	WordPress Château theme <= 1.2.1 - PHP Object Injection vulnerability_CVE-2026-40757 Unauthenticated PHP Object Injection in Château	Mikado-Themes	Château n/a	Jun 17, 2026	CVE