CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-48055	Streambert: Arbitrary File Write (Zip Slip) via Subtitle Extraction_CVE-2026-48055 Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip v...	truelockmc	streambert < 2.5.0	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-39529	WordPress Elementra theme <= 1.0.9 - PHP Object Injection vulnerability_CVE-2026-39529 Unauthenticated PHP Object Injection in Elementra	ThemeREX Group	Elementra n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-39438	WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability_CVE-2026-39438 Unauthenticated SQL Injection in ListingPro	Emraan Cheema	ListingPro n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-27429	WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability_CVE-2026-27429 Unauthenticated PHP Object Injection in Nifty	BoldThemes	Nifty n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2026-27395	WordPress Support Board plugin < 3.8.9 - Privilege Escalation vulnerability_CVE-2026-27395 Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.	Schiocco	Support Board n/a	Jun 16, 2026	CVE
CRITICAL 10	CVE-2026-25470	WordPress ACPT (Pro) – Custom Post Types plugin for WordPress plugin <= 2.0.47 - Remote Code Execution (RCE) vulnerability_CVE-2026-25470 Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote C...	ACPT	ACPT (Pro) - Custom Post Types Plugin for WordPress n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2025-69122	WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability_CVE-2025-69122 Unauthenticated PHP Object Injection in SeaFood Company	ThemeREX	SeaFood Company n/a	Jun 16, 2026	CVE
CRITICAL 9.8	CVE-2025-69108	WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability_CVE-2025-69108 Unauthenticated PHP Object Injection in Hot Coffee	ThemeREX	Hot Coffee n/a	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-48745	Traccar Client: silent configuration hijack via unverified deep link redirects all GPS telemetry_CVE-2026-48745 Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7...	traccar	traccar-client < 9.7.20	Jun 16, 2026	CVE
CRITICAL 9.3	CVE-2026-48616	CVE-2026-48616_CVE-2026-48616 Rocket.Chat versions	Rocket.Chat	Rocket.Chat	Jun 16, 2026	CVE