CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2026-39502	WordPress Form Maker by 10Web plugin <= 1.15.38 - SQL Injection vulnerability_CVE-2026-39502 Unauthenticated SQL Injection in Form Maker by 10Web	10Web	Form Maker by 10Web 1.15.38	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39493	WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability_CVE-2026-39493 Unauthenticated SQL Injection in Simply Schedule Appointments	NSquared	Simply Schedule Appointments n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39492	WordPress WP Maps plugin <= 4.9.1 - SQL Injection vulnerability_CVE-2026-39492 Unauthenticated SQL Injection in WP Maps	Flipper Code – WordPress Development Company	WP Maps n/a	Jun 15, 2026	CVE
CRITICAL 9.1	CVE-2026-39465	WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability_CVE-2026-39465 Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider	MetaSlider	Responsive Slider by MetaSlider n/a	Jun 15, 2026	CVE
CRITICAL 9.3	CVE-2026-39441	WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability_CVE-2026-39441 Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free	Naked Cat Plugins (by Webdados)	Feed KuantoKusta for WooCommerce – Free n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-34901	WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability_CVE-2026-34901 Unauthenticated Privilege Escalation in iControlWP	Paul	iControlWP n/a	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-27053	WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability_CVE-2026-27053 Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.	VideoWhisper.com	Broadcast Live Video n/a	Jun 15, 2026	CVE
CRITICAL 9.1	196189CB-E82D-	Exploit for CVE-2026-53519_196189CB-E82D-5E0B-BD79-68750009496C CVE-2026-53519-PoC PoC exploit for CVE-2026-53519...	N/A	N/A	Jun 15, 2026	GITHUBEXPLOIT
CRITICAL 9.3	CVE-2026-49952	Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle_CVE-2026-49952 Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gai...	Discuz!	Discuz! X5.0 20260320	Jun 15, 2026	CVE
CRITICAL 9.8	CVE-2026-48114	Metacat has an unauthenticated SQL injection vulnerability_CVE-2026-48114 Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and and above contain an unauthentica...	NCEAS	metacat >= 2.0.0, < 3.0.0	Jun 15, 2026	CVE