Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.5 4E361A66-0287-

Exploit for Path Traversal in Microsoft_4E361A66-0287-5D9D-9DA5-91D2EF34D2CB

🛡️ NimbusPWN-CVE-2022-29799-29800 - Test local privilege escalation security flaws 📖 About this tool This software helps security researchers stud...

N/A N/A GITHUBEXPLOIT
NONE B58A6443-007E-

pansyhebephrenic23.github.io_B58A6443-007E-50BF-A5F9-905979836753

No description provided...

N/A N/A GITHUBEXPLOIT
NONE C9AAD52B-CC2A-

pharaohound_C9AAD52B-CC2A-5C4D-BBAD-E9DCAB26CB8B

☥ Pharaohound ☥ The Fast-Triage, Command-Generating Active Directory Analysis Engine Pharaohound is a streaming, concurrent, and highly modular Act...

N/A N/A GITHUBEXPLOIT
MEDIUM 5.4 CVE-2026-8378

Frontend File Manager Plugin <= 23.6 - Subscriber+ Stored Cross-Site Scripting via File Rename_CVE-2026-8378

The Frontend File Manager Plugin WordPress plugin through 23.6 does not sanitise nor escape a filename submitted to the frontend file-rename endpoi...

Unknown Frontend File Manager Plugin CVE
HIGH 7.1 CVE-2026-8172

Simple Basic Contact Form <= 20250114 - Reflected XSS_CVE-2026-8172

The Simple Basic Contact Form WordPress plugin through 20250114 does not escape user-supplied input before reflecting it into the contact form outp...

Unknown Simple Basic Contact Form CVE
HIGH 8.8 CVE-2026-8163

Infility Global < 2.15.19 - Subscriber+ SQL Injection via order Parameter_CVE-2026-8163

The Infility Global WordPress plugin before 2.15.19 does not properly sanitize and escape some parameters before using them in SQL statements, lead...

Unknown Infility Global CVE
MEDIUM 6.8 CVE-2026-7842

Infility Global < 2.15.20 - Editor+ SQL Injection via orderby Parameter_CVE-2026-7842

The Infility Global WordPress plugin before 2.15.20 does not sanitize or validate the orderby and order parameters in...

Unknown Infility Global CVE
HIGH 7.2 CVE-2026-56784

OpenRemote Manager – Cross-Tenant IDOR in Bulk Alarm Deletion_CVE-2026-56784

OpenRemote Manager before 1.24.2 contains an insecure direct object reference vulnerability in the removeAlarms() method that allows authenticated ...

openremote openremote CVE
MEDIUM 6.9 CVE-2026-56762

Hono – Missing Cookie Name Validation in setCookie()_CVE-2026-56762

Hono before 4.12.12 does not validate cookie names on the write path in the setCookie(), serialize(), and serializeSigned() functions, allowing inv...

Hono Hono CVE
HIGH 7.1 CVE-2026-56701

Grav – XML External Entity Injection via SVG Upload_CVE-2026-56701

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers ...

Grav Grav CVE