category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.5	CVE-2026-57330	WordPress MasterStudy LMS plugin <= 3.7.27 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57330 Subscriber Cross Site Scripting (XSS) in MasterStudy LMS	Stylemix	MasterStudy LMS n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57329	WordPress WooCommerce Designer Pro plugin <= 1.9.34 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57329 Subscriber Cross Site Scripting (XSS) in WooCommerce Designer Pro	WOOCOMMERCE DESIGNER PRO	WooCommerce Designer Pro n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57328	WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57328 Subscriber Cross Site Scripting (XSS) in Business Directory	Strategy11 Team	Business Directory n/a	Jun 29, 2026	CVE
MEDIUM 6.3	CVE-2026-57327	WordPress MainWP plugin <= 6.1.1 - Broken Access Control vulnerability_CVE-2026-57327 Subscriber Broken Access Control in MainWP	mainwp	MainWP n/a	Jun 29, 2026	CVE
MEDIUM 6.5	CVE-2026-57326	WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57326 Unauthenticated Cross Site Scripting (XSS) in Business Directory	Strategy11 Team	Business Directory n/a	Jun 29, 2026	CVE
HIGH 7.1	CVE-2026-57320	WordPress BEAR plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability_CVE-2026-57320 Unauthenticated Cross Site Scripting (XSS) in BEAR	RealMag777	BEAR n/a	Jun 29, 2026	CVE
CRITICAL 10	CVE-2026-56290	Joomla Extension – joomlack.fr – Unauthenticated file upload in Page Builder CK extension < 3.6.0_CVE-2026-56290 The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to ...	joomlack.fr	JoomlaCK.fr Page Builder CK extension for Joomla 1.0-3.6.0	Jun 29, 2026	CVE
HIGH 8.7	CVE-2026-56124	phpUploader < 2.0.2 Unauthenticated Database Exposure via index model_CVE-2026-56124 phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents ...	shimosyan	phpUploader	Jun 29, 2026	CVE
HIGH 7.5	CVE-2026-55844	Home Assistant: iOS Companion App ignores internal SSID allowlist for connections – possible leak of access token and sensor data_CVE-2026-55844 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2025.5.0, The iOS companion app ignores ...	home-assistant	core < 2025.5.0	Jun 29, 2026	CVE
HIGH 7.7	CVE-2026-55607	Claude Code: Sandbox Escape via Git Worktree Path Confusion Allows Unsandboxed Code Execution_CVE-2026-55607 Claude Code is an agentic coding tool. From 2.1.38 until 2.1.163, Claude Code's worktree handling allowed creation of worktrees named ".git" and n...	anthropics	claude-code >= 2.1.38, < 2.1.163	Jun 29, 2026	CVE