Recent Advisories

Severity ID Title Vendor Product Date Type
NONE MALWAREBYTES:BF...

Deepfake porn sites are going offline (re-air) (Lock and Code S07E12)_MALWAREBYTES:BF08B1C9F99DFB1F6F78F43B4FDCFAE4

_This week on the Lock and Code podcast …_ If you weren't taking deepfakes seriously before, it's too late now to ignore them. According to new ...

N/A N/A MALWAREBYTES

NONE MALWAREBYTES:DD...

Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban_MALWAREBYTES:DD733E96F8F10DD6044EE94F4172A510

Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse by adversaries. Reuters...

N/A N/A MALWAREBYTES

NONE QUALYSBLOG:FAEE...

What Changed in OWASP Top 10 2025 and Recommendations for Each Category_QUALYSBLOG:FAEEFB8C63E738452101F3466498A8D5

Key Takeaways: The 2025 list introduces two new categories – Software Supply Chain Failures (A03) and Mishandling of Exceptional Conditi...

N/A N/A QUALYSBLOG

CRITICAL 9.8 CVE-2026-41157

GPU DDK – OOB Write in CalculateNPOTTwiddleSparsePageMap3D_CVE-2026-41157

A web page that contains unusual WebGPU content loaded into the GPU GLES render process and can trigger an out-of-bound write in the GPU user-space...

Imagination Technologies Graphics DDK 1.18 RTM, 23.2 RTM, 24.2 RTM, 25.1 RTM, 26.1 RTM CVE

LOW 3.4 CVE-2026-9062

Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal_CVE-2026-9062

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such a...

Unknown Store Locator WordPress CVE

LOW 3.5 CVE-2026-9061

Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name_CVE-2026-9061

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store L...

Unknown Store Locator WordPress CVE

MEDIUM 5.4 CVE-2026-9278

Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure_CVE-2026-9278

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of ...

Unknown Form Builder CP CVE

HIGH 7.5 CVE-2026-9863

Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability_CVE-2026-9863

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installation...

Fortra Core Privileged Access Manager (BoKS) boks-server 8.1.0.0 CVE

CRITICAL 9.8 CVE-2026-9862

Core Privileged Access Manager (BoKS) autoregistration service command injection vulnerability_CVE-2026-9862

Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker ...

Fortra Core Privileged Access Manager (BoKS) boks-server 8.1.0.0 CVE

MEDIUM 5.3 CVE-2026-9595

webpack-dev-server vulnerable to HMR WebSocket interception via permissive user proxies_CVE-2026-9595

Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR W...

webpack-dev-server webpack-dev-server CVE