HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7.5	CVE-2026-54841	WordPress Vitepos plugin <= 3.4.2 - Sensitive Data Exposure vulnerability_CVE-2026-54841 Unauthenticated Sensitive Data Exposure in Vitepos	Appsbd	Vitepos n/a	Jun 25, 2026	CVE
HIGH 8.5	CVE-2026-54838	WordPress WC Vendors Marketplace plugin <= 2.6.8 - SQL Injection vulnerability_CVE-2026-54838 Subscriber SQL Injection in WC Vendors Marketplace	Rymera Web Co	WC Vendors Marketplace n/a	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-54830	WordPress Five Star Restaurant Reservations plugin <= 2.7.19 - Broken Access Control vulnerability_CVE-2026-54830 Unauthenticated Broken Access Control in Five Star Restaurant Reservations	Etoile Web Design Incorporated	Five Star Restaurant Reservations n/a	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-54829	WordPress WP Photo Album Plus plugin <= 9.1.13.005 - SQL Injection vulnerability_CVE-2026-54829 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows...	Jacob N. Breetvelt	WP Photo Album Plus n/a	Jun 25, 2026	CVE
HIGH 7.5	CVE-2026-54828	WordPress Motors plugin <= 1.4.109 - Broken Access Control vulnerability_CVE-2026-54828 Unauthenticated Broken Access Control in Motors	StylemixThemes	Motors n/a	Jun 25, 2026	CVE
HIGH 8.5	CVE-2026-54822	WordPress SALESmanago & Leadoo plugin <= 3.11.2 - SQL Injection vulnerability_CVE-2026-54822 Subscriber SQL Injection in SALESmanago & Leadoo	SALESmanago	SALESmanago & Leadoo n/a	Jun 25, 2026	CVE
HIGH 7.4	CVE-2026-54821	WordPress Visual Link Preview plugin <= 2.3.1 - Sensitive Data Exposure vulnerability_CVE-2026-54821 Subscriber Sensitive Data Exposure in Visual Link Preview	Bootstrapped Ventures	Visual Link Preview n/a	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-4526	Global ZCL command parser missing minimum-length validation in EmberZNet v9.0.2_CVE-2026-4526 In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process...	Silicon Labs	EmberZNet	Jun 25, 2026	CVE
HIGH 7.2	CVE-2026-49506	CVE-2026-49506_CVE-2026-49506 Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'...	Dell	Wyse Management Suite	Jun 25, 2026	CVE
HIGH 7.1	CVE-2026-47154	Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2_CVE-2026-47154 In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and termin...	Silicon Labs	EmberZNet	Jun 25, 2026	CVE