Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.1 CVE-2026-53740

Yoast Duplicate Post through 4.6 Stored Cross-Site Scripting via Scheduled Republish Notice

Yoast Duplicate Post through 4.6 inserts an unescaped post title and permalink into the Classic Editor scheduled republish notice. Attackers can sc...

Yoast Yoast Duplicate Post CVE
MEDIUM 5.1 CVE-2026-53739

Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which verifies n...

Yoast Yoast Duplicate Post CVE
HIGH 7.2 CVE-2026-53738

Copy & Delete Posts through 1.5.4 Privilege Escalation via cdp_action_handling Handler

Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler. Attackers ...

Inisev Copy & Delete Posts CVE
MEDIUM 5.3 CVE-2026-53737

Juicer through 1.12.18 Stored Cross-Site Scripting via Unescaped API Response

Juicer through 1.12.18 fails to escape remote feed API response fields before rendering them on the admin settings page. Attackers controlling the ...

saas.group Juicer CVE
MEDIUM 5.1 CVE-2026-53736

Easy Twitter Feeds before 1.2.13 Cross-Site Request Forgery via duplicate_post Action

Easy Twitter Feeds before 1.2.13 contains a cross-site request forgery vulnerability in the duplicate_post action handler that lacks nonce verifica...

bplugins Easy Twitter Feeds CVE
MEDIUM 4.3 CVE-2026-53634

Sharp: Missing Authorization Check in Quick Creation Command Endpoints

Sharp is a content management framework built for Laravel as a package. From version 9.0.0 to before version 9.22.3, the create and store endpoints...

code16 sharp >= 9.0.0, < 9.22.3 CVE
HIGH 8.6 CVE-2026-50131

Fedify has an incomplete SSRF mitigation after GHSA-p9cg-vqcc-grcx: validatePublicUrl allows special-use IPv4 ranges

Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access ...

fedify-dev fedify >= 0.11.2, < 1.9.12 CVE
HIGH 7.5 CVE-2026-48110

Russh: SSH message fields were decoded through allocation-first parsers before field-specific bounds

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.0, several russh client and server message handlers decoded...

Eugeny russh >= 0.34.0, < 0.61.0 CVE
MEDIUM 5.3 CVE-2026-48108

Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-stri...

Eugeny russh >= 0.34.0-beta.1, < 0.61.0 CVE
MEDIUM 6.5 CVE-2026-48107

Russh: Unchecked keyboard-interactive prompt count in client auth path

Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication ...

Eugeny russh >= 0.37.0, < 0.61.0 CVE