CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-48518	MultiJuicer: Login CSRF allows attacker to force victims into their team_CVE-2026-48518 MultiJuicer is used to run separate Juice Shop instances on a central kubernetes cluster without the need for local instances. In versions 8.0.0 th...	juice-shop	multi-juicer >= 8.0.0, < 10.0.1	Jun 15, 2026	CVE
HIGH 8.5	CVE-2026-48124	Cursor Desktop sandbox escape via Claude hook configuration_CVE-2026-48124 Cursor is a code editor built for programming with AI. In versions prior to 3.0.0, the Cursor Desktop could execute workspace-defined Claude hook c...	cursor	cursor < 3.0.0	Jun 15, 2026	CVE
HIGH 8.6	CVE-2026-47825	Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations_CVE-2026-47825 Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affe...	Spring	Spring Cloud Gateway 3.1.0	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-47261	Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction_CVE-2026-47261 Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all() and Fil...	bytecodealliance	wasmtime >= 37.0.0, < 44.0.2	Jun 15, 2026	CVE
HIGH 7.5	CVE-2026-45441	WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability_CVE-2026-45441 Unauthenticated Other Vulnerability Type in WpEvently	Magepeople inc.	WpEvently n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-45439	WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability_CVE-2026-45439 Unauthenticated SQL Injection in Realtyna Organic IDX plugin	Realtyna	Realtyna Organic IDX plugin n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-45437	WordPress Product Filter Widget for Elementor plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability_CVE-2026-45437 Unauthenticated Cross Site Scripting (XSS) in Product Filter Widget for Elementor	Bhavin Thummar	Product Filter Widget for Elementor n/a	Jun 15, 2026	CVE
HIGH 7.1	CVE-2026-42775	WordPress AutomatorWP plugin <= 5.7.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-42775 Unauthenticated Cross Site Scripting (XSS) in AutomatorWP	Ruben Garcia	AutomatorWP n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-42752	WordPress Stripe Payments plugin <= 2.0.98 - Bypass Vulnerability vulnerability_CVE-2026-42752 Unauthenticated Bypass Vulnerability in Stripe Payments	mra13 / Team Tips and Tricks HQ	Stripe Payments n/a	Jun 15, 2026	CVE
MEDIUM 6.5	CVE-2026-42743	WordPress Masteriyo – LMS plugin <= 2.1.8 - Broken Authentication vulnerability_CVE-2026-42743 Unauthenticated Broken Authentication in Masteriyo - LMS	ThemeGrill	Masteriyo - LMS n/a	Jun 15, 2026	CVE