category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 7	CVE-2026-53148	thunderbolt: Clamp XDomain response data copy to allocation size_CVE-2026-53148 In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tb_xdp_prope...	Linux	Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179	Jun 25, 2026	CVE
HIGH 7	CVE-2026-53143	drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11_CVE-2026-53143 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix buffer overflow in SDMA queue checkpoint/restore on GFX11 The...	Linux	Linux cc009e613de6560eb499f8bc92c80a737752cb30	Jun 25, 2026	CVE
MEDIUM 5.9	CVE-2026-14160	CVE-2026-14160_CVE-2026-14160 Time-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions. This issue affe...	Samsung Open Source	Escargot bab3a5797557014ce3c2e28419a6310cfba90d0d	Jun 30, 2026	CVE
MEDIUM 4.4	CVE-2026-12114	Team Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' Parameter_CVE-2026-12114 The Team Members – Multi Language Supported Team Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all...	wpmart	Team Members – Multi Language Supported Team Plugin	Jun 30, 2026	CVE
MEDIUM 4.3	CVE-2026-8944	Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' Parameter_CVE-2026-8944 The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and includin...	engagementanalytics	Plugin for Google Analytics by IO technologies	Jun 30, 2026	CVE
MEDIUM 4.4	CVE-2026-12560	Editorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' Field_CVE-2026-12560 The Editorial Rating – Product Review & Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'Link URL' Field in all...	wpqode	Editorial Rating – Product Review & Rating System	Jun 30, 2026	CVE
HIGH 7.5	CVE-2026-12243	Path Traversal via Percent-Encoding in nltk.data.find() and nltk.data.load()_CVE-2026-12243 NLTK version 3.9.4 is vulnerable to a path traversal attack due to an incomplete fix for GitHub Issue #3504. The `_UNSAFE_NO_PROTOCOL_RE` regex in ...	nltk	nltk/nltk unspecified	Jun 30, 2026	CVE
HIGH 8.4	CVE-2026-58302	CVE-2026-58302_CVE-2026-58302 rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via d...	LinuxCNC	LinuxCNC	Jun 30, 2026	CVE
MEDIUM 6.2	CVE-2026-10648	NULL-pointer dereference in MCUmgr serial/console SMP transport on buffer-pool exhaustion_CVE-2026-10648 mcumgr_serial_process_frag() in subsys/mgmt/mcumgr/transport/src/serial_util.c calls net_buf_reset() on the result of smp_packet_alloc() before che...	zephyrproject	zephyr 4.4.0	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-56018	JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth_CVE-2026-56018 JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify(), allowing unbounded memory growth. In JsMinify (XS.xs...	GTERMARS	JavaScript::Minifier::XS	Jun 29, 2026	CVE