CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-49057	WordPress JobSearch plugin <= 3.2.7 - Broken Access Control vulnerability_CVE-2026-49057 Unauthenticated Broken Access Control in JobSearch	EyeCix Technologies	JobSearch n/a	Jun 16, 2026	CVE
HIGH 7.1	CVE-2026-48869	WordPress Enfold theme <= 7.1.4 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-48869 Unauthenticated Cross Site Scripting (XSS) in Enfold	Kriesi	Enfold n/a	Jun 16, 2026	CVE
MEDIUM 4.8	CVE-2026-48783	Postiz has an unauthenticated billing-enforcement bypass via /public/modify-subscription_CVE-2026-48783 Postiz is an AI social media scheduling tool. Versions prior to 2.21.8 contained an unauthenticated endpoint that accepted a signed token and appli...	gitroomhq	postiz-app < 2.21.8	Jun 16, 2026	CVE
CRITICAL 9.9	CVE-2026-48781	Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery_CVE-2026-48781 Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob i...	gitroomhq	postiz-app < 2.21.8	Jun 16, 2026	CVE
HIGH 7.5	CVE-2026-48779	ws: Memory exhaustion DoS from tiny fragments and data chunks_CVE-2026-48779 ws is an open source WebSocket client and server for Node.js. All versions from 1.1.0 up to (but not including) 5.2.5, from 6.0.0 up to 6.2.4, from...	websockets	ws >= 1.1.0, < 5.2.5	Jun 16, 2026	CVE
CRITICAL 10	CVE-2026-48055	Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction_CVE-2026-48055 Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip v...	truelockmc	streambert < 2.5.0	Jun 16, 2026	CVE
MEDIUM 6.5	CVE-2026-47277	Runtipi: Unauthenticated arbitrary file read through app-store logo symlinks_CVE-2026-47277 Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-s...	runtipi	runtipi >= 4.9.1, < 4.10.0	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40761	WordPress Valeska theme <= 1.2.2 - PHP Object Injection vulnerability_CVE-2026-40761 Unauthenticated PHP Object Injection in Valeska	Edge-Themes	Valeska n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40760	WordPress Behold theme <= 1.5 - PHP Object Injection vulnerability_CVE-2026-40760 Unauthenticated PHP Object Injection in Behold	Edge-Themes	Behold n/a	Jun 16, 2026	CVE
HIGH 8.1	CVE-2026-40759	WordPress Esmée theme <= 1.4 - PHP Object Injection vulnerability_CVE-2026-40759 Unauthenticated PHP Object Injection in Esmée	Mikado-Themes	Esmée n/a	Jun 16, 2026	CVE