category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 4.3	CVE-2026-13422	HD Quiz 2.2.0 – 2.2.1 – Cross-Site Request Forgery via Multiple AJAX Handlers_CVE-2026-13422 The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce ...	harmonic_design	HD Quiz 2.2.0	Jun 27, 2026	CVE
MEDIUM 6.4	CVE-2026-13335	CodePeople Post Map for Google Maps <= 1.2.6 - Authenticated (Contributor +) Stored Cross-Site Scripting via 'cpm_point' Post Meta_CVE-2026-13335 The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions...	codepeople	CodePeople Post Map for Google Maps	Jun 27, 2026	CVE
MEDIUM 6.5	CVE-2026-13333	Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter_CVE-2026-13333 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Paramet...	trainingbusinesspros	Groundhogg — CRM, Newsletters, and Marketing Automation	Jun 27, 2026	CVE
MEDIUM 6.5	CVE-2026-13331	Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter_CVE-2026-13331 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter ...	trainingbusinesspros	Groundhogg — CRM, Newsletters, and Marketing Automation	Jun 27, 2026	CVE
MEDIUM 4.4	CVE-2026-11356	Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings_CVE-2026-11356 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_c...	vinod-dalvi	Ivory Search – WordPress Search Plugin	Jun 27, 2026	CVE
MEDIUM 5.5	CVE-2025-59868	HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure_CVE-2025-59868 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit applic...	HCLSoftware	Traveler for Microsoft Outlook <3.0.15	Jun 27, 2026	CVE
HIGH 7.2	CVE-2026-56414	H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type_CVE-2026-56414 A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixe...	H.VIEW	HV-500S6 IP Camera IPCAM_V4.06.88.251229	Jun 26, 2026	CVE
HIGH 7.2	CVE-2026-55975	H.VIEW HV-500S6 IP Camera OS Command Injection_CVE-2026-55975 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate gen...	H.VIEW	HV-500S6 IP Camera IPCAM_V4.06.88.251229	Jun 26, 2026	CVE
CRITICAL 9.8	CVE-2026-28701	Daktronics Controller Firmware Path Traversal_CVE-2026-28701 Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and ...	Daktronics	VFC-DMP-5000	Jun 26, 2026	CVE
HIGH 8.1	CVE-2026-31928	Daktronics Controller Firmware Use of Hard-coded Credentials_CVE-2026-31928 The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed ...	Daktronics	VFC-DMP-5000	Jun 26, 2026	CVE