HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2025-60474	CVE-2025-60474_CVE-2025-60474 A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Den...	n/a	n/a n/a	Jun 24, 2026	CVE
HIGH 7.5	CVE-2025-60467	CVE-2025-60467_CVE-2025-60467 A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attac...	n/a	n/a n/a	Jun 24, 2026	CVE
HIGH 7.5	CVE-2026-9702	InPost PL < 1.9.1 - Unauthenticated WooCommerce Order Parcel-Locker Hijacking_CVE-2026-9702 The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce o...	Unknown	InPost PL	Jun 25, 2026	CVE
HIGH 8.8	CVE-2026-5305	Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS_CVE-2026-5305 The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email repla...	Unknown	Email Address Encoder	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-33612	ZoneToCache can poison the cache_CVE-2026-33612 A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.	PowerDNS	Recursor 5.2.0	Jun 25, 2026	CVE
HIGH 8.7	CVE-2026-56122	Winstone Servlet Engine 0.9.10 Path Traversal via HTTP Request Paths_CVE-2026-56122 Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sen...	rickknowles	Winstone Servlet Container 0.9.10	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-56071	WordPress Forminator plugin <= 1.53.1 - Cross Site Scripting (XSS) vulnerability_CVE-2026-56071 Unauthenticated Cross Site Scripting (XSS) in Forminator	WPMU DEV	Forminator n/a	Jun 25, 2026	CVE
HIGH 7.7	CVE-2026-56054	WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability_CVE-2026-56054 Subscriber Arbitrary File Deletion in JS Help Desk	Ahmad	JS Help Desk n/a	Jun 25, 2026	CVE
HIGH 8.8	CVE-2026-56053	WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability_CVE-2026-56053 Subscriber PHP Object Injection in EventPrime	EventPrime	EventPrime n/a	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-56051	WordPress TablePress plugin <= 3.3.1 - Reflected Cross Site Scripting (XSS) vulnerability_CVE-2026-56051 Unauthenticated Cross Site Scripting (XSS) in TablePress	TablePress	TablePress n/a	Jun 25, 2026	CVE