CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-10552	Blue Captcha <= 2.0.1 - Cross-Site Request Forgery via 'blcap_action' Parameter_CVE-2026-10552 The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or ...	jotis	Blue Captcha	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10092	Cincopa video and media plug-in <= 1.163 - Unauthenticated Stored Cross-Site Scripting via cincopa Shortcode in Post Comments_CVE-2026-10092 The Cincopa video and media plug-in plugin for WordPress is vulnerable to Stored Cross-Site Scripting via cincopa Shortcode in Post Comments in all...	nicashmu	Cincopa video and media plug-in	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-10091	Email JavaScript Cloak <= 1.03 - Unauthenticated Stored Cross-Site Scripting_CVE-2026-10091 The Email JavaScript Cloak plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'email' shortcode in all versions up ...	cgarvey	Email JavaScript Cloak	Jun 24, 2026	CVE
HIGH 8.8	CVE-2026-7761	Ultimate Member <= 2.11.4 - Authenticated (Contributor+) Account Takeover via Password Reset Link Disclosure_CVE-2026-7761 The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2...	ultimatemember	Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin	Jun 24, 2026	CVE
HIGH 7.6	CVE-2026-56052	WordPress Funnel Builder by FunnelKit plugin <= 3.15.0.5 - SQL Injection vulnerability_CVE-2026-56052 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows ...	FunnelKit	Funnel Builder by FunnelKit n/a	Jun 24, 2026	CVE
HIGH 8.8	5CCE7939-1019-	Exploit for CVE-2026-8461_5CCE7939-1019-5F8F-A1B9-EA7B129C8C99 CVE-2026-8461 "PixelSmash" — FFmpeg MagicYUV Heap OOB Write PoC !WARNING This repository contains a working exploit PoC for a heap corruption vulne...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 8.6	THN:881DB7D7759...	Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root_THN:881DB7D77599D527FA15CA26FD8CBC33 ![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivauBSNOsDqBHvUFSnF1NdlWJ8BAt2JVgIo_ZUQhBkVppSz0PvkEmrc9RP1hMf2-oFFRgr5PNm7pxLmPngAJ...	N/A	N/A	Jun 24, 2026	THN
CRITICAL 10	59505BC0-DE3A-	MCATester_59505BC0-DE3A-56CF-96BF-33C4639271E6 MCATester — AI-Powered OSINT & Vulnerability Discovery Platform Built during a security research internship at the National e-Governance Division N...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
MEDIUM 6.5	CVE-2026-9539	libslirp TCP URG OOB Read Information Leak_CVE-2026-9539 An out-of-bounds heap read and integer underflow in the TCP urgent data handling (sosendoob) in freedesktop.org libslirp version before v4.9.2 on h...	freedesktop.org	libslirp	Jun 24, 2026	CVE
CRITICAL 9.1	CVE-2026-12851	GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability_CVE-2026-12851 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted netwo...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE