category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-13331	Groundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' Parameter_CVE-2026-13331 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter ...	trainingbusinesspros	Groundhogg — CRM, Newsletters, and Marketing Automation	Jun 27, 2026	CVE
MEDIUM 4.4	CVE-2026-11356	Ivory Search <= 5.5.15 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings_CVE-2026-11356 The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_c...	vinod-dalvi	Ivory Search – WordPress Search Plugin	Jun 27, 2026	CVE
MEDIUM 5.5	CVE-2025-59868	HCL Traveler for Microsoft Outlook (HTMO) is susceptible to sensitive data exposure_CVE-2025-59868 HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit applic...	HCLSoftware	Traveler for Microsoft Outlook <3.0.15	Jun 27, 2026	CVE
HIGH 7.2	CVE-2026-56414	H.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous Type_CVE-2026-56414 A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixe...	H.VIEW	HV-500S6 IP Camera IPCAM_V4.06.88.251229	Jun 26, 2026	CVE
HIGH 7.2	CVE-2026-55975	H.VIEW HV-500S6 IP Camera OS Command Injection_CVE-2026-55975 A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate gen...	H.VIEW	HV-500S6 IP Camera IPCAM_V4.06.88.251229	Jun 26, 2026	CVE
CRITICAL 9.8	CVE-2026-28701	Daktronics Controller Firmware Path Traversal_CVE-2026-28701 Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and ...	Daktronics	VFC-DMP-5000	Jun 26, 2026	CVE
HIGH 8.1	CVE-2026-31928	Daktronics Controller Firmware Use of Hard-coded Credentials_CVE-2026-31928 The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed ...	Daktronics	VFC-DMP-5000	Jun 26, 2026	CVE
HIGH 7.1	CVE-2026-33560	Daktronics Controller Firmware Unrestricted Upload of File with Dangerous Type_CVE-2026-33560 The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users t...	Daktronics	VFC-DMP-5000	Jun 26, 2026	CVE
HIGH 7.8	CVE-2026-45195	GPU DDK – rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted_CVE-2026-45195 Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 26, 2026	CVE
HIGH 7.7	CVE-2026-21734	GPU DDK – libusc OOB write at TreeRemove during WebGPU shader compilation_CVE-2026-21734 A web page that contains unusual GPU shader code is loaded into the GPU compiler process and can trigger a write out-of-bounds write crash in the G...	Imagination Technologies	Graphics DDK 1.18 RTM	Jun 26, 2026	CVE