NVD CVEs — 本日公開 (7 件)
CVE-2023-37524 7.7 HIGH
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerabl
CVE-2025-59868 5.5 MEDIUM
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure vulnerability which could allow an attacker to exploit application information to then attempt additional attacks and cause unknown behavior in the application.
CVE-2026-11356 4.4 MEDIUM
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'menu_title' and 'menu_magnifier_color' Settings in all versions up to, and including, 5.5.15 due to insufficient input sanitization and output escaping. This makes it possible for authen
CVE-2026-13331 6.5 MEDIUM
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin
CVE-2026-13333 6.5 MEDIUM
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'query[select]' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis
CVE-2026-13335 6.4 MEDIUM
The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'cpm_point' Post Meta in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contrib
CVE-2026-13422 4.3 MEDIUM
The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdq_validate_nonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create new
GitHub Security Advisories — 本日公開 (20 件)
GHSA-73vw-76h4-g45m
MEDIUM
The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to...
GHSA-qmp7-mx7r-2rf4
MEDIUM
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to...
GHSA-cc9f-rh6g-8362
MEDIUM
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to...
GHSA-xwv4-jx2p-x8xw
MEDIUM
The CodePeople Post Map for Google Maps plugin for WordPress is vulnerable to Stored Cross-Site...
GHSA-h9qh-pc26-3235
MEDIUM
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a sensitive data exposure...
GHSA-vp5c-23j8-3fh2
HIGH
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework...
GHSA-jwpp-v8v4-wh67
MEDIUM
The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Stored Cross...
GHSA-65q4-rvjr-c9r5
HIGH
A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow...
GHSA-j595-prhp-3r49
HIGH
The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are...
GHSA-rf2w-j7p7-rw94
CRITICAL
The DMP-5000 devices are shipped with a default administrative web account with weak...