CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.6	CVE-2026-55746	Cotonti stored XSS via PFS folder title_CVE-2026-55746 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to stored Cross-Site Scripting in the Personal File Storage (PFS) module. A folder tit...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
MEDIUM 5.4	CVE-2026-55745	Cotonti CSRF in PFS folder edit allows unauthorized folder modification_CVE-2026-55745 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
HIGH 8.1	CVE-2026-55744	Cotonti CSRF in PFS allows forced arbitrary file upload_CVE-2026-55744 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pf...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
CRITICAL 9.6	CVE-2026-55742	Cotonti CSRF in admin.rights.php allows privilege escalation_CVE-2026-55742 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/ad...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-55741	Cotonti CSRF in admin.config.php allows unauthorized configuration changes_CVE-2026-55741 Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/a...	Cotonti	Cotonti 1.0.0	Jun 18, 2026	CVE
CRITICAL 10	CVE-2026-28573	CVE-2026-28573_CVE-2026-28573 In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of serv...	Google	Android 14	Jun 18, 2026	CVE
MEDIUM 6.1	CVE-2026-12137	SysBasics Customize My Account for WooCommerce <= 4.3.6 - Reflected Cross-Site Scripting via 'tab' Parameter_CVE-2026-12137 The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cr...	phppoet	SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager	Jun 18, 2026	CVE
MEDIUM 6.4	CVE-2026-12136	SysBasics Customize My Account for WooCommerce <= 4.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes_CVE-2026-12136 The Customize My Account For Woocommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sysbasics_user_avatar' shortcod...	phppoet	SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager	Jun 18, 2026	CVE
MEDIUM 4.3	CVE-2026-12111	Appointment Booking Calendar <= 1.4.01 - Authenticated (Contributor+) Sensitive Information Exposure via 'id' Parameter_CVE-2026-12111 The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.4.01. Thi...	codepeople	Appointment Booking Calendar	Jun 18, 2026	CVE
LOW 2.7	CVE-2026-12102	UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter_CVE-2026-12102 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecur...	stiofansisland	UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP	Jun 18, 2026	CVE