Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2026-49060

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.9.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Hippoo Mobile App for WooCommerce allows Privilege Escalation. This issue affects Hippoo Mobile Ap...

Hippoo Hippoo Mobile App for WooCommerce n/a CVE
CRITICAL 9.3 CVE-2026-42647

WordPress JoomSport plugin <= 5.7.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beardev JoomSport allows Blind SQL Injection....

Beardev JoomSport n/a CVE
CRITICAL 9.3 CVE-2026-39494

WordPress Product Filter by WBW plugin <= 3.1.2 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blin...

WBW Plugins Product Filter by WBW n/a CVE
CRITICAL 9.3 CVE-2026-45171

Idira Privileged Session Manager (PSM): Potential Code Execution due to an Incomplete Input Validation

Incomplete input validation and improperly configured folder permissions within Idira Privileged Session Manager (PSM) versions prior to 15.0.3, 14...

CyberArk Software, a Palo Alto Networks Company Privileged Session Manager, Vault 14.0 CVE
CRITICAL 9.8 CVE-2026-45060

ClipBucket: Blind SQL Injection in progress_video.php

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to bli...

MacWarrior clipbucket-v5 < 5.5.3 - #129 CVE
CRITICAL 9.8 CVE-2026-42846

ClipBucket: Remote Play URL Command Injection

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated us...

MacWarrior clipbucket-v5 < 5.5.3 - #140 CVE
CRITICAL 9.1 CVE-2026-50638

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections

Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions suc...

PEVANS Metrics::Any::Adapter::DogStatsd CVE
CRITICAL 9.2 CVE-2026-49973

Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings

Hermes WebUI before version 0.51.358 contains an improper access control vulnerability that allows unauthenticated remote attackers to hijack initi...

nesquena hermes-webui CVE
CRITICAL 9 CVE-2026-41005

UAA accepts SAML Encrypted Assertions authentication bypass

Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity...

Cloud Foundry UAA 2.0.0 CVE
CRITICAL 9.8 THN:752B90FA610...

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities_THN:752B90FA61064ECC5D562EA512CCEC15

N/A N/A THN