HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.8	CVE-2026-9844	Vulnerability in navify Digital Pathology_CVE-2026-9844 Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usern...	Roche Diagnostics	navify Digital Pathology 2.0.0	Jun 2, 2026	CVE
HIGH 8.7	CVE-2026-7313	CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity_CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticat...	Progress Software	Sitefinity 8.0.5700 to 13.3.7652	Jun 2, 2026	CVE
HIGH 8.8	CVE-2026-7201	CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity_CVE-2026-7201 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, ...	Progress Software	Sitefinity 15.2.8400	Jun 2, 2026	CVE
HIGH 8.8	CVE-2026-7195	CWE-20: Improper Input Validation in web services in Progress Sitefinity_CVE-2026-7195 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 1...	Progress Software	Sitefinity 14.1.0	Jun 2, 2026	CVE
HIGH 8.1	CVE-2026-39555	WordPress Askka theme <= 1.3.1 - PHP Object Injection vulnerability_CVE-2026-39555 Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1.	Elated-Themes	Askka n/a	Jun 2, 2026	CVE
HIGH 8.1	CVE-2026-39553	WordPress WaveRide theme <= 1.4 - Local File Inclusion vulnerability_CVE-2026-39553 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide all...	Select-Themes	WaveRide n/a	Jun 2, 2026	CVE
HIGH 8.1	CVE-2026-39552	WordPress Blueprint theme < 1.1.5 - Local File Inclusion vulnerability_CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint ...	Code Supply Co.	Blueprint n/a	Jun 2, 2026	CVE
HIGH 8.2	CVE-2026-10611	OTP bypass via plugin-based LDAP authentication in MISP when LDAP mixed authentication is enabled_CVE-2026-10611 An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured wit...	misp	misp	Jun 2, 2026	CVE
HIGH 8.1	CVE-2025-69369	WordPress Racquet theme <= 1.12.0 - Local File Inclusion vulnerability_CVE-2025-69369 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows...	Axiomthemes	Racquet n/a	Jun 2, 2026	CVE
HIGH 8.1	CVE-2025-68886	WordPress Cookiteer theme <= 1.4.8 - Local File Inclusion vulnerability_CVE-2025-68886 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allo...	androThemes	Cookiteer n/a	Jun 2, 2026	CVE