Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.5	CVE-2026-48909	Joomla Extension – joomshaper.com – PHP Object injection in SP LMS extension for Joomla < 4.1.4_CVE-2026-48909 SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker t...	joomshaper.net	SP LMS extension for Joomla 1.0.0-4.1.3	Jun 20, 2026	CVE
CRITICAL 10	CVE-2026-48908	Joomla Extension – joomshaper.com – Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.12_CVE-2026-48908 A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code ...	joomshaper.net	SP Page Builder extension for Joomla 1.0.0-6.6.1	Jun 20, 2026	CVE
MEDIUM 5.9	CVE-2026-12673	CVE-2026-12673_CVE-2026-12673 Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secon...	liquidfiles	liquidfiles	Jun 20, 2026	CVE
CRITICAL 10	D4275D24-A482-	GumVulns_D4275D24-A482-561B-8402-1DE456184863 GumVulns A single-file PHP CLI that searches many vulnerability APIs in parallel and returns a normalized record for each hit: CVE id, description,...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
HIGH 8.6	3E4275D3-0547-	Exploit for Server-Side Request Forgery in Vercel Next.Js_3E4275D3-0547-519B-A6B4-38321844D41A ╔══════════════════════════════════════════════════════════════╗ ║ NextSSRF — CVE-2026-44578 Scanner & Exploit ║ ║ Next.js WebSocket Upgrade Handle...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
NONE	AF15C141-8026-	sql-injection-vulnerability-scanner_AF15C141-8026-5A38-9333-A542B5316D04 ...	N/A	N/A	Jun 20, 2026	GITHUBEXPLOIT
NONE	WIRED:6EAA0778F...	Hackers Claim to Leak Stolen Madison Square Garden Data_WIRED:6EAA0778FAA6CAA5158FCD6DCCC93CBC Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email and more.	N/A	N/A	Jun 20, 2026	WIRED
HIGH 7.5	THN:3C02EE8690F...	Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys_THN:3C02EE8690F770FB334836241DFA97E7 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjL1kN23KhnFjdjHcR0i-iySK1Zv-kkApPs6yBq11670ubXx0NiAbgDMoYSfwQNyq9asso5AG9KcPRXEL4LU8...	N/A	N/A	Jun 20, 2026	THN
MEDIUM 6.5	CVE-2026-12119	Simple File List <= 6.3.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary File Operations (Deletion / Move / Folder Creation / Download) via 'frontmanage' Shortcode Attribute_CVE-2026-12119 The Simple File List plugin for WordPress is vulnerable to unauthorized file operations due to a missing authorization check on the 'frontmanage' s...	eemitch	Simple File List	Jun 20, 2026	CVE
HIGH 7.5	CVE-2026-11912	Simple File List <= 6.3.7 - Missing Authorization to Unauthenticated File Modification via simplefilelist_edit_job AJAX Action_CVE-2026-11912 The Simple File List plugin for WordPress is vulnerable to arbitrary file modification due to insufficient authorization checks in all versions up ...	eemitch	Simple File List	Jun 20, 2026	CVE