exploit - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.9	CVE-2026-46765	CVE-2026-46765_CVE-2026-46765 {“lastseen”:””,”description”:””,”published”:”2026-06-16T19:27:13.188Z”,&#82...	Oracle Corporation	Oracle WebCenter Portal 12.2.1.4.0	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-54194	WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability_CVE-2026-54194 Contributor PHP Object Injection in Fusion Builder	ThemeFusion	Fusion Builder n/a	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-49113	WordPress Cornerstone plugin < 7.8.8 - Arbitrary Code Execution vulnerability_CVE-2026-49113 Subscriber Arbitrary Code Execution in Cornerstone < 7.8.8 versions.	THEMECO	Cornerstone n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-49080	WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability_CVE-2026-49080 Unauthenticated SQL Injection in wpDataTables	TMS	wpDataTables n/a	Jun 16, 2026	CVE
HIGH 8.5	CVE-2026-49073	WordPress Directorist Booking plugin <= 3.0.3 - SQL Injection vulnerability_CVE-2026-49073 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpWax Directorist Booking allows Blind SQL In...	wpWax	Directorist Booking n/a	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-49057	WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability_CVE-2026-49057 Unauthenticated Broken Access Control in JobSearch	EyeCix Technologies	JobSearch n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-48869	WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-48869 Unauthenticated Cross Site Scripting (XSS) in Enfold	Kriesi	Enfold n/a	Jun 16, 2026	CVE
MEDIUM 4.8	CVE-2026-48783	Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription_CVE-2026-48783 Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and appli...	gitroomhq	postiz-app < 2.21.8	Jun 16, 2026	CVE
CRITICAL 9.9	CVE-2026-48781	Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery_CVE-2026-48781 Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob i...	gitroomhq	postiz-app < 2.21.8	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-48779	ws: Memory exhaustion DoS from tiny fragments and data chunks_CVE-2026-48779 ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from...	websockets	ws >= 1.1.0, < 5.2.5	Jun 16, 2026	CVE