Recent Advisories

Severity ID Title Vendor Product Date Type
NONE 187ED3AF-60BD-

CVE_187ED3AF-60BD-53B1-B54D-B5110190CA98

CVE Request Disclosure Document Executive Summary A Prototype Pollution → Stored DOM-based Cross-Site Scripting XSS vulnerability exists in the Has...

N/A N/A GITHUBEXPLOIT
NONE 1EF2C6EE-A7AF-

kage_1EF2C6EE-A7AF-573F-A48E-4C1275F9AD4F

kage A Claude Code plugin that runs a full pentest engagement from inside your coding age...

N/A N/A GITHUBEXPLOIT
NONE THN:6332B5691B3...

144 Mastra npm Packages Compromised via Hijacked Contributor Account_THN:6332B5691B35A537EE5C97922CFDCCDE

N/A N/A THN
MEDIUM 6.4 CVE-2026-8607

myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wrap' Shortcode Attribute_CVE-2026-8607

The Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred plugin for WordPress is vulnerable to Stored Cro...

saadiqbal Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred CVE
MEDIUM 6.4 CVE-2026-8494

Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title_CVE-2026-8494

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in a...

mbis Permalink Manager Lite CVE
CRITICAL 10 CVE-2026-28615

CVE-2026-28615_CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of pri...

Google Android 17 CVE
CRITICAL 10 CVE-2026-28587

CVE-2026-28587_CVE-2026-28587

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could l...

Google Android 17 CVE
CRITICAL 10 CVE-2026-28576

CVE-2026-28576_CVE-2026-28576

In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure...

Android Android 17 CVE
CRITICAL 10 CVE-2026-28575

CVE-2026-28575_CVE-2026-28575

In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible ...

Google Android 17 CVE
HIGH 7.5 CVE-2026-12199

Unauthenticated Denial of Service in nltk.app.wordnet_app_CVE-2026-12199

A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when ...

nltk nltk/nltk unspecified CVE