Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-44890

Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-44250

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 8.1 CVE-2026-44249

Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2....

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.1 CVE-2026-42653

WordPress SliceWP plugin <= 1.2.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iova.Mihai SliceWP allows Stored XSS. This i...

iova.mihai SliceWP n/a CVE
CRITICAL 9.3 CVE-2026-42647

WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection....

Beardev JoomSport n/a CVE
CRITICAL 9.3 CVE-2026-39494

WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blin...

WBW Plugins Product Filter by WBW n/a CVE
HIGH 8.4 CVE-2026-45173

Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal ...

CyberArk Software, a Palo Alto Networks Company Identity Browser Extensions 26.0.0 CVE
HIGH 8.7 CVE-2026-45172

Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH (PSMP) versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an auth...

CyberArk Software, a Palo Alto Networks Company PAM Self-Hosted, Privilege Cloud 14.0 CVE
CRITICAL 9.3 CVE-2026-45171

Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14...

CyberArk Software, a Palo Alto Networks Company Privileged Session Manager, Vault 14.0 CVE
MEDIUM 6.5 CVE-2026-47238

ClipBucket: IDOR in videos subtitle editor

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video su...

MacWarrior clipbucket-v5 < 5.5.3 - #133 CVE