CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.9	CVE-2026-46765	CVE-2026-46765_CVE-2026-46765 {“lastseen”:””,”description”:””,”published”:”2026-06-16T19:27:13.188Z”,&#82...	Oracle Corporation	Oracle WebCenter Portal 12.2.1.4.0	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-54194	WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability_CVE-2026-54194 Contributor PHP Object Injection in Fusion Builder	ThemeFusion	Fusion Builder n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-49080	WordPress wpDataTables plugin <= 7.3.6 - SQL Injection vulnerability_CVE-2026-49080 Unauthenticated SQL Injection in wpDataTables	TMS	wpDataTables n/a	Jun 16, 2026	CVE
CRITICAL 9.9	CVE-2026-48781	Postiz has cross-tenant SUPERADMIN takeover via Skool-provider JWT forgery_CVE-2026-48781 Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob i...	gitroomhq	postiz-app < 2.21.8	Jun 16, 2026	CVE
CRITICAL 10	CVE-2026-48055	Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction_CVE-2026-48055 Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip v...	truelockmc	streambert < 2.5.0	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-39529	WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability_CVE-2026-39529 Unauthenticated PHP Object Injection in Elementra	ThemeREX Group	Elementra n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-39438	WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability_CVE-2026-39438 Unauthenticated SQL Injection in ListingPro	Emraan Cheema	ListingPro n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-27429	WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2026-27429 Unauthenticated PHP Object Injection in Nifty	BoldThemes	Nifty n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-27395	WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability_CVE-2026-27395 Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.	Schiocco	Support Board n/a	Jun 16, 2026	CVE
CRITICAL 10	CVE-2026-25470	WordPress ACPT (Pro) – Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability_CVE-2026-25470 Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote C...	ACPT	ACPT (Pro) - Custom Post Types Plugin for WordPress n/a	Jun 16, 2026	CVE