Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2026-12293	Use-after-free in the Graphics: WebGPU component_CVE-2026-12293 Use-after-free in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.	Mozilla	Firefox 152	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-12292	Incorrect boundary conditions in the Web Audio component_CVE-2026-12292 Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thu...	Mozilla	Firefox 140.12	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-12291	Use-after-free in the Networking: HTTP component_CVE-2026-12291 Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird ...	Mozilla	Firefox 115.37	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-8050	CVE-2026-8050_CVE-2026-8050 In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it i...	SignalRGB	SignalRGB kernel driver	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-8049	CVE-2026-8049_CVE-2026-8049 In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEV...	SignalRGB	SignalRGB kernel driver	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-9860	Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action_CVE-2026-9860 The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including,...	vanyukov	Offload, AI & Optimize with Cloudflare Images	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-9199	Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter_CVE-2026-9199 The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass i...	equalizedigital	Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-55740	SQL Injection in Nur-Alam39 bus-ticket bus_info.php via busid parameter_CVE-2026-55740 Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad) contains an unauthenticated SQL injection vuln...	Nur-Alam39	bus-ticket	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-12120	FireBox Popups <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter_CVE-2026-12120 The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u...	fireplugins	FireBox Popups – Increase Sales and Grow Your Email List	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-12093	Simple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' Webhook_CVE-2026-12093 The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the pl...	wpinsider-1	Simple Membership	Jun 18, 2026	CVE