CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-7047	Frontend User Notes <= 2.1.1 - Cross-Site Request Forgery to Note Content Modification via 'confirmEdit' Action_CVE-2026-7047 The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due t...	absikandar	Frontend User Notes	Jun 5, 2026	CVE
MEDIUM 4.9	CVE-2026-6448	Quiz and Survey Master (QSM) <= 11.1.2 - Authenticated (Admin+) SQL Injection via 'order' and 'limit' Parameters_CVE-2026-6448 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' ...	expresstech	Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker	Jun 5, 2026	CVE
MEDIUM 4.3	CVE-2026-10038	Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter_CVE-2026-10038 The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct ...	smub	Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More	Jun 5, 2026	CVE
LOW 3.8	CVE-2025-12656	Migration, Backup, Staging – WPvivid Backup & Migration <= 0.9.128 - Authenticated (Admin+) Arbitrary Directory Deletion_CVE-2025-12656 The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient ...	wpvividplugins	WPvivid — Backup, Migration & Staging	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6242	Authenticated Format String Vulnerability in ONVIF Subscribe Service on TP-Link Tapo C520WS_CVE-2026-6242 An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplie...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6241	Authenticated Format String Vulnerability in ONVIF AddScopes Method on TP-Link Tapo C520WS_CVE-2026-6241 An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6240	Authenticated Stack-based Buffer Overflow in ONVIF DeleteUsers Service on TP-Link Tapo C520WS_CVE-2026-6240 A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when han...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
MEDIUM 6.8	CVE-2026-6239	Authenticated Stack-based Buffer Overflow in ONVIF CreateUsers Service in TP-Link Tao C520WS_CVE-2026-6239 A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
HIGH 7	CVE-2026-34123	Whitelist Validation Bypass in TP-Link Tapo C520WS_CVE-2026-34123 On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a ...	TP-Link Systems Inc.	Tapo C520WS v2	Jun 5, 2026	CVE
NONE	FC7A6C9A-3171-	ccdd-poc_FC7A6C9A-3171-59C6-9828-21470DFE1CF9 ccdd-poc — ¿Dónde está el límite de un solucionador de issues con modelo chico? Serie de POCs que miden no opinan la viabilidad de la arquitectura ...	N/A	N/A	Jun 6, 2026	GITHUBEXPLOIT