CVE - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 10	CVE-2026-12846	GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command_CVE-2026-12846 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service ...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
MEDIUM 6.2	CVE-2026-12488	GeoVision GV-VMS V20 GV-Cloud memory corruption vulnerability_CVE-2026-12488 A memory corruption vulnerability exists in the GV-Cloud functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted network request can l...	GeoVision Inc.	GeoVision V20.0.2	Jun 24, 2026	CVE
CRITICAL 9.1	CVE-2026-12486	GeoVision GV-I/O Box 4E libNetSetObj.so OS command injection vulnerability_CVE-2026-12486 Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted netwo...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
CRITICAL 10	CVE-2026-12485	GeoVision GV-I/O Box DVRSearch buffer overflow vulnerabilities in CMD_IP_SET command_CVE-2026-12485 GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485. DVRSearch is a service ...	GeoVision Inc.	GV-I/O Box 4E V2.09	Jun 24, 2026	CVE
HIGH 7.2	CVE-2026-3652	ARForms <= 7.1.3 - Unauthenticated Stored Cross-Site Scripting via 'value' Parameter_CVE-2026-3652 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value` parameter of the `arf_save_incomplete_form_data` AJAX...	n/a	ARforms	Jun 24, 2026	CVE
MEDIUM 6.4	CVE-2026-11614	Xpro Addons <= 1.7.2 - Authenticated (Author+) Stored Cross-Site Scripting via 'custom_attributes' Parameter of Multiple Widgets_CVE-2026-11614 The Xpro Addons — 140+ Widgets for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'custom_attributes' paramete...	xpro	Xpro Addons — 140+ Widgets for Elementor	Jun 24, 2026	CVE
MEDIUM 6.7	37C50661-A878-	kev-investigator_37C50661-A878-507B-9377-0F99874BB5CE KEV Investigator An automated investigation draft generator for CISA's Known Exploited Vulnerabilities KEV catalog — built to remove the repetitive...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
CRITICAL 9.8	EECE9D9F-6DA3-	Exploit for Path Traversal in Apache Http_Server_EECE9D9F-6DA3-5669-A840-4B74F51D2FBB CVE-2021-42013 — PoC: Path Traversal + RCE via modcgi bypass de parche Solo para uso en entornos controlados y propios. No usar contra sistemas sin...	N/A	N/A	Jun 24, 2026	GITHUBEXPLOIT
HIGH 8.9	CVE-2026-12681	CVE-2026-12681_CVE-2026-12681 Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advan...	Google	go-attestation	Jun 24, 2026	CVE
HIGH 8.7	CVE-2026-7574	Anthropic Claude Desktop Cowork VM Image Contents Not Validated Before Use_CVE-2026-7574 Anthropic Claude Desktop Cowork VM image handling (confirmed across v1.1348.0 through v1.2278.0, including v1.1348.0, v1.1617.0, and v1.2278.0) val...	Anthropic	Claude Desktop Cowork 1.1348.0	Jun 23, 2026	CVE