Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.3 CVE-2026-57327

WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability

Subscriber Broken Access Control in MainWP

mainwp MainWP n/a CVE
MEDIUM 6.5 CVE-2026-57326

WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Business Directory

Strategy11 Team Business Directory n/a CVE
HIGH 7.1 CVE-2026-57320

WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in BEAR

RealMag777 BEAR n/a CVE
CRITICAL 10 CVE-2026-56290

Joomla Extension – joomlack.fr – Unauthenticated file upload in Page Builder CK extension < 3.6.0

The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to ...

joomlack.fr JoomlaCK.fr Page Builder CK extension for Joomla 1.0-3.6.0 CVE
HIGH 8.7 CVE-2026-56124

phpUploader < 2.0.2 Unauthenticated Database Exposure via index model

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents ...

shimosyan phpUploader CVE
HIGH 7.5 CVE-2026-55844

Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, the iOS companion app ignores ...

home-assistant core < 2025.5.0 CVE
HIGH 7.7 CVE-2026-55607

Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and n...

anthropics claude-code >= 2.1.38, < 2.1.163 CVE
MEDIUM 4.4 CVE-2026-46406

Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path (...

anthropics claude-code >= 2.1.59, < 2.1.128 CVE
MEDIUM 5.3 CVE-2026-13579

itsourcecode Hospital Management System patientchangepassword.php sql injection

A weakness has been identified in itsourcecode Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /pa...

itsourcecode Hospital Management System 1.0 CVE
MEDIUM 5.3 CVE-2026-13578

itsourcecode Hospital Management System patientdetail.php sql injection

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of t...

itsourcecode Hospital Management System 1.0 CVE