Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.1 CVE-2026-39465

WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - Remote Code Execution (RCE) vulnerability

Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider

MetaSlider Responsive Slider by MetaSlider n/a CVE
CRITICAL 9.3 CVE-2026-39441

WordPress Feed KuantoKusta for WooCommerce – Free plugin <= 5.3 - SQL Injection vulnerability

Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free

Naked Cat Plugins (by Webdados) Feed KuantoKusta for WooCommerce – Free n/a CVE
CRITICAL 9.8 CVE-2026-34901

WordPress iControlWP plugin <= 5.5.3 - Privilege Escalation vulnerability

Unauthenticated Privilege Escalation in iControlWP

Paul iControlWP n/a CVE
CRITICAL 9.8 CVE-2026-27053

WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.

VideoWhisper.com Broadcast Live Video n/a CVE
CRITICAL 9.1 196189CB-E82D-

Exploit for CVE-2026-53519_196189CB-E82D-5E0B-BD79-68750009496C

CVE-2026-53519-PoC PoC exploit for CVE-2026-53519...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 CVE-2026-49952

Discuz! X5.0 Authentication Bypass via dbbak.php Encryption Oracle

Discuz! X5.0 releases 20260320 through 20260501 contains an authentication bypass vulnerability that allows unauthenticated remote attackers to gai...

Discuz! Discuz! X5.0 20260320 CVE
CRITICAL 9.8 CVE-2026-48114

Metacat has an unauthenticated SQL injection vulnerability

Metacat is data repository software that helps researchers preserve, share, and discover data. Versions 2.0.0 and above contain an unauthentica...

NCEAS metacat >= 2.0.0, < 3.0.0 CVE
CRITICAL 10 PACKETSTORM:223388

FreePBX SQL Injection / Shell Upload / Remote Root

This Python3 script exploits a remote SQL injection vulnerability in FreePBX and adds a remote shell that achieves root privileges. This issue has ...

N/A N/A PACKETSTORM
CRITICAL 9.8 CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle. GD::I...

RURBAN GD CVE
CRITICAL 9.8 CVE-2026-8935

Advanced Google Maps < 6.1.1 - Unauthenticated Administrator Account Creation

The WP MAPS PRO WordPress plugin before 6.1.1 registers an unauthenticated AJAX action which, given a valid nonce that is publicly emitted on any f...

Unknown WP MAPS PRO CVE