Vulnerability - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-12616	CVE-2026-12616_CVE-2026-12616 The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that str...	Eclipse Foundation	Eclipse CSI - PIA	Jun 29, 2026	CVE
LOW 1.8	CVE-2026-11979	Stack-Based Buffer Overflow in libxml2_CVE-2026-11979 libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function pro...	xmlsoft	libxml2	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57341	WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability_CVE-2026-57341 Unauthenticated Insecure Direct Object References (IDOR) in Colissimo Officiel : Méthodes de livraison pour WooCommerce	Colissimo	Colissimo Officiel : Méthodes de livraison pour WooCommerce n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57340	WordPress Japanized For WooCommerce plugin <= 2.9.12 - Broken Access Control vulnerability_CVE-2026-57340 Unauthenticated Broken Access Control in Japanized For WooCommerce	shohei.tanaka	Japanized For WooCommerce n/a	Jun 29, 2026	CVE
MEDIUM 6.6	CVE-2026-57339	WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability_CVE-2026-57339 Unauthenticated Broken Access Control in Business Directory	Strategy11 Team	Business Directory n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57338	WordPress ARForms plugin <= 7.1.2 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-57338 Unauthenticated Cross Site Scripting (XSS) in ARForms	Repute InfoSystems	ARForms n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57337	WordPress Landing Page Builder plugin <= 1.5.3.5 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57337 Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder	PluginOps	Landing Page Builder n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57336	WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57336 Unauthenticated Cross Site Scripting (XSS) in Jobify	Astoundify	Jobify n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57335	WordPress Ads by WPQuads plugin <= 3.0.3 - Broken Access Control vulnerability_CVE-2026-57335 Subscriber Broken Access Control in Ads by WPQuads	Ads WPQuads	Ads by WPQuads n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57334	WordPress WP User Frontend plugin <= 4.3.7 - Broken Access Control vulnerability_CVE-2026-57334 Unauthenticated Broken Access Control in WP User Frontend	weDevs	WP User Frontend n/a	Jun 29, 2026	CVE