CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.1	CVE-2026-34894	WordPress Integrio Core plugin < 1.2.8 - Local File Inclusion vulnerability_CVE-2026-34894 Unauthenticated Local File Inclusion in Integrio Core < 1.2.8 versions.	WebGeniusLab	Integrio Core n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-34893	WordPress Thegov Core plugin < 2.0.23 - Local File Inclusion vulnerability_CVE-2026-34893 Unauthenticated Local File Inclusion in Thegov Core < 2.0.23 versions.	WebGeniusLab	Thegov Core n/a	Jun 16, 2026	CVE
MEDIUM 5.6	CVE-2026-2604	Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling_CVE-2026-2604 A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus ac...	GNOME	Evolution Data Server	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-27429	WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2026-27429 Unauthenticated PHP Object Injection in Nifty	BoldThemes	Nifty n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-27395	WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability_CVE-2026-27395 Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.	Schiocco	Support Board n/a	Jun 16, 2026	CVE
CRITICAL 10	CVE-2026-25470	WordPress ACPT (Pro) – Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability_CVE-2026-25470 Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote C...	ACPT	ACPT (Pro) - Custom Post Types Plugin for WordPress n/a	Jun 16, 2026	CVE
HIGH 8.8	CVE-2026-12256	WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability_CVE-2026-12256 Contributor PHP Object Injection in Avada	ThemeFusion	Avada n/a	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-11410	OS Command Injection in BigPond Cable (BPA) Configuration in TP-Link TL-WR940N_CVE-2026-11410 An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sani...	TP-Link Systems Inc.	TL-WR940N v6	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-11409	OS Command Injection in IPv6 PPPoE Configuration in TP-Link TL-WR940N_CVE-2026-11409 An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of ...	TP-Link Systems Inc.	TL-WR940N v6	Jun 16, 2026	CVE
HIGH 8.1	CVE-2025-69178	WordPress Truemag theme <= 4.3.14.2 - Local File Inclusion vulnerability_CVE-2025-69178 Unauthenticated Local File Inclusion in Truemag	CactusThemes	Truemag n/a	Jun 16, 2026	CVE