Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 5.3 CVE-2026-12349

Premium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion via 'add_custom_sidebar' and 'remove_custom_sidebar' AJAX actions

The Premium Addons for KingComposer plugin for WordPress is vulnerable to unauthorized modification and loss of data in versions up to, and includi...

octagonwebstudio Premium Addons for KingComposer CVE
MEDIUM 6.5 CVE-2026-11367

PixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' Parameter

The PixMagix – WordPress Image Editor plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.7.2 via the...

andrasweb PixMagix – WordPress Image Editor CVE
MEDIUM 6.1 CVE-2026-56809

CVE-2026-56809

Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerab...

Ricoh Company, Ltd. Multiple laser printers and MFPs which implement Ricoh Web Image Monitor see the information provided by the vendor CVE
MEDIUM 6.6 CVE-2026-45822

CVE-2026-45822

decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decod...

SamVerschueren decode-uri-component 0.1.0 CVE
MEDIUM 5.9 CVE-2026-14160

CVE-2026-14160

Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affe...

Samsung Open Source Escargot bab3a5797557014ce3c2e28419a6310cfba90d0d CVE
MEDIUM 4.4 CVE-2026-12114

Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter

The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all...

wpmart Team Members – Multi Language Supported Team Plugin CVE
MEDIUM 4.3 CVE-2026-8944

Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' Parameter

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and includin...

engagementanalytics Plugin for Google Analytics by IO technologies CVE
MEDIUM 4.4 CVE-2026-12560

Editorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' Field

The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all...

wpqode Editorial Rating – Product Review & Rating System CVE
MEDIUM 6.5 9A0091F4-6679-

Exploit for CVE-2026-43700_9A0091F4-6679-565C-8F3F-7D6907959F22

CVE-2026-43700 WebKit WebGPU importExternalTexture cross-domain information leakage. Safari: Red/Green/Blue/White – Fixed issue = 26.5.2: PATCHED i...

N/A N/A GITHUBEXPLOIT
MEDIUM 6.2 CVE-2026-10648

NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion

mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before che...

zephyrproject zephyr 4.4.0 CVE