MEDIUM - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-9732	EmergencyWP <= 1.4.2 - Cross-Site Request Forgery to Plugin Settings Update_CVE-2026-9732 The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, an...	planetshaker	EmergencyWP – Dead Man's switch & legacy deliverance	Jun 2, 2026	CVE
MEDIUM 4.4	CVE-2026-7421	Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting_CVE-2026-7421 The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to t...	passeum	Passeum Ticketing	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-10692	johnhuang316 code-index-mcp search_code_advanced is_safe_regex_pattern redos_CVE-2026-10692 A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function is_safe_regex_pattern of the component search_...	johnhuang316	code-index-mcp 2.0	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-10691	wonderwhy-er DesktopCommanderMCP start_search search-manager.ts redos_CVE-2026-10691 A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manag...	wonderwhy-er	DesktopCommanderMCP 0.2.0	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-10690	wonderwhy-er DesktopCommanderMCP read_file filesystem.ts readFileFromUrl server-side request forgery_CVE-2026-10690 A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesyst...	wonderwhy-er	DesktopCommanderMCP 0.2.37	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-45289	CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens_CVE-2026-45289 CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol ...	CloudburstMC	Protocol < 3.0.0.Beta12-20260420.182526-15	Jun 2, 2026	CVE
MEDIUM 6.9	CVE-2026-41569	authentik: WS-Federation wreply origin bypass can exfiltrate signed login responses to attacker-controlled endpoints_CVE-2026-41569 authentik is an open-source identity provider. Prior to version 2026.2.3, the WS-Federation provider validates the user-supplied wreply parameter u...	goauthentik	authentik < 2026.2.3	Jun 2, 2026	CVE
MEDIUM 5.3	CVE-2026-10624	SourceCodester Human Resource Management Employee View detailview.php resource injection_CVE-2026-10624 A vulnerability has been found in SourceCodester Human Resource Management 1.0. Affected by this vulnerability is an unknown functionality of the f...	SourceCodester	Human Resource Management 1.0	Jun 2, 2026	CVE
MEDIUM 6.9	CVE-2026-10620	code-projects Student Admission System index.php sql injection_CVE-2026-10620 A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of t...	code-projects	Student Admission System 1.0	Jun 2, 2026	CVE
MEDIUM 6.9	CVE-2026-10619	sayan365 student-management-system improper authentication_CVE-2026-10619 A vulnerability was detected in sayan365 student-management-system up to 7f3c9ce7d410332335c2affac93a385485051800. This impacts an unknown function...	sayan365	student-management-system n/a	Jun 2, 2026	CVE