CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-12291	Use-after-free in the Networking: HTTP component_CVE-2026-12291 Use-after-free in the Networking: HTTP component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird ...	Mozilla	Firefox 115.37	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-8050	CVE-2026-8050_CVE-2026-8050 In SignalRGB versions prior to 1.3.7.0, seven of the thirteen IOCTL handlers dereference the SystemBuffer pointer without first verifying that it i...	SignalRGB	SignalRGB kernel driver	Jun 17, 2026	CVE
MEDIUM 5.3	CVE-2026-8049	CVE-2026-8049_CVE-2026-8049 In SignalRGB versions prior to 1.3.7.0, the \\.\SignalIo device object is created without an explicit SDDL security descriptor and without FILE_DEV...	SignalRGB	SignalRGB kernel driver	Jun 17, 2026	CVE
HIGH 8.8	CVE-2026-9860	Offload, AI & Optimize with Cloudflare Images <= 1.10.2 - Authenticated (Author+) Remote Code Execution via 'api-key' / 'account-id' Parameters in cf_images_do_setup AJAX Action_CVE-2026-9860 The Offload, AI & Optimize with Cloudflare Images plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including,...	vanyukov	Offload, AI & Optimize with Cloudflare Images	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-9199	Equalize Digital Accessibility Checker <= 1.42.1 - Missing Authorization to Authenticated (Author+) Arbitrary Accessibility Issue Modification via 'largeBatch' Parameter_CVE-2026-9199 The Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance plugin for WordPress is vulnerable to authorization bypass i...	equalizedigital	Equalize Digital Accessibility Checker – WCAG, ADA, EAA and Section 508 compliance	Jun 18, 2026	CVE
CRITICAL 9.8	CVE-2026-55740	SQL Injection in Nur-Alam39 bus-ticket bus_info.php via busid parameter_CVE-2026-55740 Nur-Alam39 bus-ticket (no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad) contains an unauthenticated SQL injection vuln...	Nur-Alam39	bus-ticket	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-12120	FireBox Popups <= 3.1.7 - Unauthenticated Sensitive Information Exposure in 'form_id' Parameter_CVE-2026-12120 The FireBox Popups – Increase Sales and Grow Your Email List plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions u...	fireplugins	FireBox Popups – Increase Sales and Grow Your Email List	Jun 18, 2026	CVE
MEDIUM 5.3	CVE-2026-12093	Simple Membership <= 4.7.5 - Missing Authorization to Unauthenticated Arbitrary Member Account Deactivation via Forged Stripe 'charge.refunded' Webhook_CVE-2026-12093 The Simple Membership plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.7.5. This is due to the pl...	wpinsider-1	Simple Membership	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-11784	Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization <= 4.2.6 - Cross-Site Request Forgery via 'optml_replace_file' AJAX Action_CVE-2026-11784 The Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization plugin for WordPress is vulnerable to Cross-Site Reques...	optimole	Optimole – Optimize Images \| Convert WebP & AVIF \| CDN & Lazy Load \| Image Optimization	Jun 18, 2026	CVE
MEDIUM 4.9	CVE-2026-11777	Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter_CVE-2026-11777 The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'nam...	10web	Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder	Jun 18, 2026	CVE