Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.7	CVE-2026-10835	SALESmanago & Leadoo < 3.11.3 - Subscriber+ SQL Injection_CVE-2026-10835 The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before ...	Unknown	SALESmanago & Leadoo	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-49486	Apache Airflow FTP provider: FTP Provider does not protect FTPS data channel (missing PROT_P)_CVE-2026-49486 The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control...	Apache Software Foundation	Apache Airflow FTP provider	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-11702	Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes_CVE-2026-11702 Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before for...	DAVIDO	Bytes::Random::Secure::Tiny	Jun 26, 2026	CVE
HIGH 7.5	CVE-2026-11625	Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes_CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, o...	DAVIDO	Bytes::Random::Secure	Jun 26, 2026	CVE
HIGH 7.3	CVE-2026-57915	Apache Kerby: Kerberos Pre-Authentication Bypass_CVE-2026-57915 It is possible to bypass the Kerberos pre-authentication check in Apache Kerby by sending a PA-DATA with an unrecognized or unsupported type. Users...	Apache Software Foundation	Apache Kerby	Jun 26, 2026	CVE
MEDIUM 6.8	CVE-2026-9699	Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors_CVE-2026-9699 Mattermost Plugins versions	Mattermost	Mattermost	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-57667	WordPress Groundhogg plugin <= 4.5 - SQL Injection vulnerability_CVE-2026-57667 Sales Representative SQL Injection in Groundhogg	Adrian Tobey	Groundhogg n/a	Jun 26, 2026	CVE
MEDIUM 5.3	CVE-2026-57665	WordPress GravityView plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57665 Unauthenticated Insecure Direct Object References (IDOR) in GravityView	GravityKit	GravityView n/a	Jun 26, 2026	CVE
MEDIUM 4.3	CVE-2026-57664	WordPress Bopo – WooCommerce Product Bundle Builder plugin <= 1.1.6 - Sensitive Data Exposure vulnerability_CVE-2026-57664 Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder	VillaTheme	Bopo – WooCommerce Product Bundle Builder n/a	Jun 26, 2026	CVE
HIGH 8.5	CVE-2026-57663	WordPress Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.2.7 - SQL Injection vulnerability_CVE-2026-57663 Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes	Igor Benic	Recipe Maker For Your Food Blog from Zip Recipes n/a	Jun 26, 2026	CVE