CVSS - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-8443	WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'stypes' Parameter_CVE-2026-8443 The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_...	https://wpreviewslider.com/	WP Review Slider Pro	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-6933	Premmerce Dev Tools <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Remote Code Execution via Plugin Creation_CVE-2026-6933 The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and including 2.0. ...	premmerce	Premmerce Dev Tools	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-5149	RTMKit <= 2.0.7 - Authenticated (Contributor+) Missing Authorization to Arbitrary Form Submission Access via 'entries_id' Parameter_CVE-2026-5149 The RTMKit plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 2.0.7 This is due to the get_submiss...	rometheme	RTMKit	Jun 16, 2026	CVE
MEDIUM 6.7	CVE-2026-50255	CVE-2026-50255_CVE-2026-50255 Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbi...	Sony Corporation	Optical Disc Archive Software for Windows 5.5.3 and earlier	Jun 16, 2026	CVE
MEDIUM 4.3	CVE-2026-10780	Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute_CVE-2026-10780 The Static Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2. This is due to t...	mohammadtanzilurrahman	Static Block	Jun 16, 2026	CVE
MEDIUM 6.3	CVE-2026-10635	Dangling memory-domain pointer (use-after-free) in Xtensa MMU page-table code on memory-domain de-init_CVE-2026-10635 On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_dom...	zephyrproject	zephyr 4.4.0	Jun 16, 2026	CVE
NONE	B330A5D9-A16C-	Mr-Robot-CTF-Automation-Scripts_B330A5D9-A16C-5448-ACE0-A24AA4413B17 No description provided...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
HIGH 8.8	CVE-2026-7273	CVE-2026-7273_CVE-2026-7273 A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-ba...	Zyxel	GS1900-48HPv2 firmware <= 2.90(ABTQ.1)C0	Jun 16, 2026	CVE
CRITICAL 10	5773EA35-AE6F-	Exploit for Deserialization of Untrusted Data in Facebook React_5773EA35-AE6F-5F32-8C58-AE355FF2E15B CVE-2025-55182 — React2Shell Critical pre-authentication Remote Code Execution vulnerability in React Server Components RSC, Next.js, and related f...	N/A	N/A	Jun 16, 2026	GITHUBEXPLOIT
MEDIUM 6.6	CVE-2026-42014	Gnutls: fix use-after-free in gnutls_pkcs11_token_set_pin_CVE-2026-42014 A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vu...	Red Hat	Red Hat Enterprise Linux 10 0:3.8.10-4.el10_2	Jun 16, 2026	CVE