CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	9FE7E8BC-4FDD-	Exploit for Out-of-bounds Write in Fortinet Fortiproxy_9FE7E8BC-4FDD-5C40-A866-41D14FB4E0CD CVE-2024-21762 - FortiOS SSL VPN Out-of-Bounds Write Overview \| Field \| Value \| \|-------\|-------\| \| CVE \| CVE-2024-21762 \| \| Advisory \| FG-IR-24-01...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.8	313C0238-45FD-	Exploit for CVE-2026-12416_313C0238-45FD-59C7-9A09-F1668F7DFE47 CVE-2026-12416-CVE-2026-12417 Unauthenticated Account Takeover via Weak Password Reset Validation via 'resetuserid' Parameter \| Unauthenticated Pri...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
NONE	HACKREAD:614136...	Fake npm Packages Impersonate PostCSS Tool to Steal Chrome Passwords_HACKREAD:6141367662A6D7A675D4167ED30B5E35 JFrog warns of malicious npm packages that mimic PostCSS tooling, drop a Windows RAT, and target Chrome-stored passwords through a staged infection...	N/A	N/A	Jun 24, 2026	HACKREAD
HIGH 7.7	CVE-2026-9710	Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Password Hash Disclosure_CVE-2026-9710 The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
HIGH 7.7	CVE-2026-9709	Themeco Cornerstone < 7.8.9 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User Meta Disclosure_CVE-2026-9709 The Cornerstone WordPress plugin before 7.8.9 does not enforce capability checks on one of its REST API routes, allowing any authenticated user to ...	Unknown	Cornerstone 3.0.0	Jun 24, 2026	CVE
LOW 2.7	CVE-2026-10753	Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update_CVE-2026-10753 The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-priv...	Unknown	Site Kit by Google	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10749	Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData_CVE-2026-10749 The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied seria...	Unknown	Post Duplicator	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-10735	ShapedPlugin Multiple Pro Plugins – Backdoor via Compromised Vendor Update Server_CVE-2026-10735 Multiple Shapedsmart-post-show-pro WordPress plugin before 4.0.2, Real Testimonials Pro WordPress plugin before 3.2.5, Product Slider for WooCommer...	Unknown	smart-post-show-pro 4.0.1	Jun 24, 2026	CVE
MEDIUM 5.4	CVE-2026-10531	AI Share & Summarize < 2.0.4 - Contributor+ Stored XSS via title_style Shortcode Attribute_CVE-2026-10531 The AI Share & Summarize WordPress plugin before 2.0.4 does not sanitise and escape some of its shortcode attributes before outputting them in a pa...	Unknown	AI Share & Summarize	Jun 24, 2026	CVE
MEDIUM 5.3	CVE-2026-56761	hono – HTML Injection via Improper JSX Attribute Name Handling in SSR_CVE-2026-56761 hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using ...	hono	hono	Jun 24, 2026	CVE