Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-12819	DVP-12SE Missing Authentication and Unauthorized Write access Vulnerability_CVE-2026-12819 Delta Electronics DVP12SE PLC exposes a Modbus TCP service over a specified port without authentication or access control, permitting unauthenticat...	deltaww	DVP-12SE *	Jun 30, 2026	CVE
CRITICAL 9.3	CVE-2026-12818	DVP-12SE Exposure of Sensitive Information Vulnerability_CVE-2026-12818 Delta Electronics DVP12SE PLCs are susceptible to a resource allocation vulnerability without limits or throttling (CWE-770) within their Modbus TC...	deltaww	DVP-12SE *	Jun 30, 2026	CVE
HIGH 8	CVE-2026-12240	Export User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display_name Field_CVE-2026-12240 The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize func...	qlstudio	Export User Data	Jun 30, 2026	CVE
MEDIUM 6.6	CVE-2026-45822	CVE-2026-45822_CVE-2026-45822 decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decod...	SamVerschueren	decode-uri-component 0.1.0	Jun 30, 2026	CVE
HIGH 8.4	CVE-2026-12578	DTMSoft – Deserialization of Untrusted Data Vulnerability_CVE-2026-12578 The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.	deltaww	DTMSoft *	Jun 30, 2026	CVE
NONE	H1:3832393	curl: libcurl upload read callbacks miss recursive API guard, allowing prohibited multi API reentry and ASAN-confirmed UAF_H1:3832393 ## Summary: Several libcurl upload read callback paths invoke the application-provided CURLOPT_READFUNCTION without marking the easy handle as bein...	N/A	N/A	Jun 29, 2026	HACKERONE
HIGH 8.8	THN:9247B208C4F...	Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs_THN:9247B208C4FFADCDFC198B9F5D16121C ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgEWbrJH-z_uAL6GFaOqplYF1ewSOBvFpaKD24W74VEBaSO-pW3sy0I0e57Bmc9yBKV4vb6zWYaVjd-oTSy2...	N/A	N/A	Jun 30, 2026	THN
NONE	37683967-95C5-	PoCE_37683967-95C5-5D47-B7AD-66112BFC2D29 POCE 1. Here we have combined all the frameworks to run in a single docker image in Combinedframeworks folder 2. If needs to run on subset, each fo...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
CRITICAL 9.9	B98A8361-599D-	Exploit for OS Command Injection in Olivetin_B98A8361-599D-5E2B-A55A-3FCFBEC697F8 CVE-2026-27626 — OliveTin OS Command Injection PoC Summary \| \| \| \|---\|---\| \| CVE ID \| CVE-2026-27626 \| \| Component \| OliveTin \| \| Vulnerability Cla...	N/A	N/A	Jun 30, 2026	GITHUBEXPLOIT
HIGH 7	CVE-2026-46309	drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise_CVE-2026-46309 In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise Add v...	Linux	Linux ada7486c5668db542a7d361268df931aca5b726a	Jun 8, 2026	CVE