Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.4 CVE-2026-9125

The Ultimate Video Player For WordPress <= 4.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link_url' Shortcode Attribute_CVE-2026-9125

The Presto Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_url' parameter of the [presto_player_overlay] sho...

2winfactor Presto Player CVE
HIGH 8.8 CVE-2026-11933

Post-authentication use-after-free in server-side JavaScript BSON-to-array conversion_CVE-2026-11933

A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An aut...

MongoDB MongoDB 8.3.0, 8.2.0, 8.0.0, 7.0.0, 6.0, 5.0, 4.4.0 CVE
MEDIUM 4.3 CVE-2026-49482

ClipBucket: SQL Wildcard Injection in Subtitle Edit Endpoint Allows Mass Subtitle Overwrite_CVE-2026-49482

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wil...

MacWarrior clipbucket-v5 < 5.5.3 - #141 CVE
NONE 7232ACFB-AE9E-

RISC-V-In-Proactive-computer-Security-PCS_7232ACFB-AE9E-5288-A52D-C6F60CDEA648

Exploring RISC-V in Proactive Computer Security PCS PUK project - Department of Computer Science, University of Copenhagen Project by Claes Refsgaa...

N/A N/A GITHUBEXPLOIT
NONE 3B2D8E23-12AF-

RISC-V-In-Proactive-computer-Security-PCS-_3B2D8E23-12AF-565D-95C7-F7DECDA5D513

Exploring RISC-V in Proactive Computer Security PCS PUK project - Department of Computer Science, University of Copenhagen Project by Claes Refsgaa...

N/A N/A GITHUBEXPLOIT
HIGH 7 CVE-2026-6250

Authenticated Format String Injection on TP-Link Tapo C110_CVE-2026-6250

An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Extern...

TP-Link Systems Inc. Tapo C110 v2 CVE
CRITICAL 9.8 CVE-2026-49060

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability_CVE-2026-49060

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile Ap...

Hippoo Hippoo Mobile App for WooCommerce n/a CVE
HIGH 8.5 CVE-2026-45174

Idira Endpoint Privilege Manager Linux Agent: Potential bypass of Agent Daemon Initialization_CVE-2026-45174

Idira Endpoint Privilege Manager Linux Agent versions prior to 26.5 allow a local attacker to potentially compromise the agent daemon initializatio...

CyberArk Software, a Palo Alto Networks Company Idira Endpoint Privilege Manager 26.0 CVE
HIGH 7.5 CVE-2026-44890

Netty has Unbounded Direct Memory Consumption in its RedisDecoder_CVE-2026-44890

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-44250

Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays_CVE-2026-44250

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE