Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 10 THN:97CE7D79A5B...

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack_THN:97CE7D79A5B9C74093178E4266ABFB48

N/A N/A THN
MEDIUM 6.5 CVE-2026-9822

WP Hotel Booking < 2.3.1 - Subscriber+ Missing Authorization in Multiple AJAX Handlers

The WP Hotel Booking WordPress plugin before 2.3.1 does not enforce capability checks in several of its AJAX handlers, allowing authenticated users...

Unknown WP Hotel Booking CVE
CRITICAL 9.1 CVE-2025-62821

CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the repo...

Microsoft Microsoft HEIF Image Extensions 1.2.22.0 CVE
CRITICAL 9.8 CVE-2026-51846

CVE-2026-51846

In Tenda AC7 v15.03.06.44, the wanSpeed parameter of the route /goform/AdvSetMacMtuWan has a stack buffer overflow vulnerability that can lead to r...

Tenda Tenda AC7 v15.03.06.44 CVE
CRITICAL 9.8 CVE-2026-51845

CVE-2026-51845

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the mac parameter.

Tenda Tenda AC7 v15.03.06.44 CVE
CRITICAL 9.8 CVE-2026-51844

CVE-2026-51844

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the cloneType parameter.

Tenda Tenda AC7 v15.03.06.44 CVE
CRITICAL 9.8 CVE-2026-51843

CVE-2026-51843

Tenda AC7 v15.03.06.44 contains a stack buffer overflow vulnerability in the /goform/AdvSetMacMtuWan interface via the wanMTU parameter.

Tenda Tenda AC7 v15.03.06.44 CVE
MEDIUM 6.1 CVE-2026-4110

Ultimate WooCommerce Auction Pro <= 2.4.5 - Reflected XSS via uwa_auctions_bids_list

The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page,...

Unknown ultimate-woocommerce-auction-pro CVE
MEDIUM 5.3 CVE-2026-10530

Pie Register < 3.8.4.10 - Unauthenticated Email Verification Bypass via Predictable Token

The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowin...

Unknown Pie Register CVE
HIGH 8.1 CVE-2025-66336

Apache Doris MCP Server: SQL injection leading the authentication bypass

Apache Doris MCP Server contains a SQL injection vulnerability in a metadata query path. A user-controlled database name is directly interpolated i...

Apache Software Foundation Apache Doris MCP Server 0.1.0 CVE