Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2026-57336

WordPress Jobify theme <= 4.3.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Jobify

Astoundify Jobify n/a CVE
HIGH 7.1 CVE-2026-57333

WordPress Link Whisper Free plugin <= 0.9.4 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free

Spencer Haws Link Whisper Free n/a CVE
HIGH 7.1 CVE-2026-57332

WordPress Wallet System for WooCommerce plugin <= 2.7.6 - Broken Access Control vulnerability

Subscriber Broken Access Control in Wallet System for WooCommerce

WP Swings Wallet System for WooCommerce n/a CVE
HIGH 7.1 CVE-2026-57320

WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting (XSS) in BEAR

RealMag777 BEAR n/a CVE
HIGH 8.7 CVE-2026-56124

phpUploader < 2.0.2 Unauthenticated Database Exposure via index model

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents ...

shimosyan phpUploader CVE
HIGH 7.5 CVE-2026-55844

Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, the iOS companion app ignores ...

home-assistant core < 2025.5.0 CVE
HIGH 7.7 CVE-2026-55607

Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution

Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and n...

anthropics claude-code >= 2.1.38, < 2.1.163 CVE
HIGH 7.5 CVE-2026-36478

CVE-2026-36478

An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dl...

n/a n/a n/a CVE
HIGH 8.8 D785B7F1-5FCD-

Exploit for Improper Access Control in Graylog_D785B7F1-5FCD-57AF-BA95-D33887F2F1C7

Exploiting Arbitrary Class Loading on the JVM This repository contains the proof-of-concept exploit presented in my talk: Exploiting Arbitrary Clas...

N/A N/A GITHUBEXPLOIT
HIGH 7.5 7CABEA7D-2DC5-

Exploit for Uncontrolled Resource Consumption in Github Cmark-Gfm_7CABEA7D-2DC5-58B7-AF42-1DF51CCE3D29

graylog-cve-2023-24824-exploit Proof-of-concept exploit for CVE-2023-24824 demonstrating how an arbitrary class loading primitive can be transforme...

N/A N/A GITHUBEXPLOIT