Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-11364	Product Specifications for Woocommerce <= 0.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attribute/Group Creation, Modification, and Deletion via 'dwps_modify_groups' and 'dwps_modify_attributes' AJAX Actions_CVE-2026-11364 The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versi...	dornaweb	Product Specifications for Woocommerce	Jun 27, 2026	CVE
HIGH 7.8	ECD48805-B674-	Exploit for Use After Free in Linux Linux_Kernel_ECD48805-B674-5D15-9640-7AE6AB574266 CVE-2026-43499 — Linux Kernel Futex PI Use-After-Free Bug removewaiter in kernel/locking/rtmutex.c is used by the slowlock paths but also for proxy...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
CRITICAL 10	449EB399-8D3C-	Exploit for Improper Access Control in Widgetfactorylimited Jce_449EB399-8D3C-5528-B03B-B58DC4645B9D MASTA CVE-2026-48907 Scanner Joomla! JCE 2.9.99.5 Unauthenticated Remote Code Execution RCE Scanner --- 🚨 LEGAL DISCLAIMER & ETHICAL USE This tool...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
CRITICAL 9.8	CVE-2026-12415	Invoice Generator <= 1.0.0 - Unauthenticated Privilege Escalation via Account Takeover via 'user_id' Parameter_CVE-2026-12415 The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_accou...	pravel	Invoice Generator	Jun 27, 2026	CVE
HIGH 8.7	7D0D67E6-AAE8-	Exploit for CVE-2026-46331_7D0D67E6-AAE8-52CC-B577-3C66E3ECB231 cve-id ⚡ Simple Usage Use this project only in safe and authorized environments such as: - Local virtual machines - Docker containers - Isolated l...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
NONE	ED09B2EE-07B3-	joomla-exploits-main_ED09B2EE-07B3-547B-93CC-D9DAC465C0D2 joomla-exploits 😸 Title: Joomla! 4.2.8 - Unauthenticated information disclosure Exploit author: HACKFUT Date: 2024-01-24 Vendor Homepage: https://...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
NONE	20339A1B-9C90-	testimonial-widgets-sqli-cve_20339A1B-9C90-5D17-8F25-2CA188B77EB8 CVE-2026-XXXXX Admin SQL Injection in Testimonial Widgets WordPress Plugin via Search Parameter --- Advisory Information \| Field \| Value \| \|-------...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
NONE	90D1D177-0CB7-	sakura-theme-sqli-cve_90D1D177-0CB7-518B-832F-B8A088EB0B9F CVE-2026-XXXXX Unauthenticated SQL Injection in Sakura WordPress Theme via Comment Markdown Parser --- Advisory Information \| Field \| Value \| \|----...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
NONE	5E55BB2B-EBD9-	boxmoe-dove-sqli-cve_5E55BB2B-EBD9-5DB8-8B52-3F16A438DA24 CVE-2026-XXXXX Unauthenticated SQL Injection in Boxmoe Dove WordPress Theme via AJAX Comment Handler --- Advisory Information \| Field \| Value \| \|--...	N/A	N/A	Jun 27, 2026	GITHUBEXPLOIT
MEDIUM 4.3	CVE-2026-13422	HD Quiz 2.2.0 – 2.2.1 – Cross-Site Request Forgery via Multiple AJAX Handlers_CVE-2026-13422 The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce ...	harmonic_design	HD Quiz 2.2.0	Jun 27, 2026	CVE