CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-50627	Apache CXF: OAuth2: Missing JWT Audience and Issuer Validation in Access Token Validator_CVE-2026-50627 The JwtAccessTokenValidator class in Apache CXF fails to validate the 'aud' (Audience) claims of incoming JWT access tokens. This allows a JWT issu...	Apache Software Foundation	Apache CXF 4.2.0	Jun 12, 2026	CVE
CRITICAL 9.8	CVE-2026-9691	WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability_CVE-2026-9691 Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms	CRM Perks	Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms 1.1.1	Jun 15, 2026	CVE
CRITICAL 9.6	CVE-2026-52703	WordPress FastDup plugin <= 2.7.2 - Path Traversal vulnerability_CVE-2026-52703 Unauthenticated Path Traversal in FastDup	Ninja Team	FastDup n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-52693	WordPress eCommerce Product Catalog plugin <= 3.5.5 - SQL Injection vulnerability_CVE-2026-52693 Unauthenticated SQL Injection in eCommerce Product Catalog	impleCode	eCommerce Product Catalog n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49781	WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability_CVE-2026-49781 Unauthenticated PHP Object Injection in OttoKit	Brainstorm Force	OttoKit n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-49776	WordPress GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites plugin <= 2.32.6 - SQL Injection vulnerability_CVE-2026-49776 Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites	JExtensions Store	GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49770	WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability_CVE-2026-49770 Unauthenticated PHP Object Injection in WP Travel Engine	WP Travel Engine	WP Travel Engine n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49769	WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability_CVE-2026-49769 Unauthenticated PHP Object Injection in wpForo Forum	Tomdever	wpForo Forum n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-49768	WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability_CVE-2026-49768 Unauthenticated PHP Object Injection in Happyforms	The WP Folks	Happyforms n/a	Jun 15, 2026	CVE
CRITICAL 9.9	CVE-2026-49766	WordPress WP User Manager plugin <= 2.9.16 - Arbitrary File Deletion vulnerability_CVE-2026-49766 Subscriber Arbitrary File Deletion in WP User Manager	WP User Manager	WP User Manager n/a	Jun 15, 2026	CVE