Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.5	CVE-2026-12047	pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047 HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /...	pgadmin.org	pgAdmin 4 6.6	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12046	pgAdmin 4: Unauthenticated pickle deserialization in SQL Editor close / update_connection routes enables remote code execution_CVE-2026-12046 Two state-mutating endpoints in pgAdmin 4's SQL Editor blueprint -- DELETE /sqleditor/close/ and POST /sqleditor/initialize/sqleditor/update_connec...	pgadmin.org	pgAdmin 4 6.9	Jun 18, 2026	CVE
CRITICAL 9	CVE-2026-12045	pgAdmin 4: AI Assistant read-only transaction bypass allows unauthorised writes and remote code execution_CVE-2026-12045 Read-only transaction bypass in the pgAdmin 4 AI Assistant allows an attacker who can influence database content that the assistant reads to execut...	pgadmin.org	pgAdmin 4 9.13	Jun 18, 2026	CVE
HIGH 8.8	CVE-2026-12044	pgAdmin 4: SQL injection in COMMENT ON … IS ‘‘ rendering across dialog templates_CVE-2026-12044 SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS ''`` for a user-supplied description field. The Jinja temp...	pgadmin.org	pgAdmin 4 1.0	Jun 18, 2026	CVE
HIGH 8.7	CVE-2026-8806	Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series FX5-ENET/IP Ethernet module_CVE-2026-8806 Expected Behavior Violation vulnerability in Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a r...	Mitsubishi Electric Corporation	Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP All versions	Jun 19, 2026	CVE
HIGH 8.7	CVE-2026-8805	Denial-of-service (DoS) vulnerability in MELSEC iQ-F Series EtherNet/IP module_CVE-2026-8805 Integer Overflow or Wraparound vulnerability in the EtherNet/IP function of Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP module FX5-E...	Mitsubishi Electric Corporation	Mitsubishi Electric MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-11775	User Admin Simplifier <= 3.0.0 - Cross-Site Request Forgery_CVE-2026-11775 The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due...	adamsilverstein	User Admin Simplifier	Jun 19, 2026	CVE
MEDIUM 6.9	CVE-2026-56132	CVE-2026-56132_CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled...	libexpat project	libexpat	Jun 19, 2026	CVE
MEDIUM 4.9	CVE-2026-56131	CVE-2026-56131_CVE-2026-56131 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a ...	libexpat project	libexpat	Jun 19, 2026	CVE
MEDIUM 4.3	CVE-2026-10779	Classified Listing <= 5.4.2 - Missing Authorization to Authenticated (Subscriber+) Feature Modification via Multiple AJAX Handlers ('listingId'/'id' Parameters)_CVE-2026-10779 The Classified Listing – Classified ads & Business Directory plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and...	techlabpro1	Classified Listing – AI-Powered Classified ads & Business Directory	Jun 19, 2026	CVE