Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2025-29000

WordPress Multi-language Responsive Contact Form plugin <= 2.8 - Broken Access Control Vulnerability

Missing Authorization vulnerability in August Infotech Multi-language Responsive Contact Form allows Accessing Functionality Not Properly Constrain...

August Infotech Multi-language Responsive Contact Form n/a CVE
HIGH 8.6 CVE-2025-28965

WordPress URL Shortener <= 3.0.7 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener allows Accessing Functionality Not Properly Constrained by ACLs. This issu...

Md Yeasin Ul Haider URL Shortener n/a CVE
HIGH 7.5 CVE-2025-28955

WordPress Easy Video Player WordPress & WooCommerce plugin <= 10.0 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce ...

FWDesign Easy Video Player Wordpress & WooCommerce n/a CVE
HIGH 8.8 CVE-2025-24779

WordPress Yogi theme <= 2.9.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0.

NooTheme Yogi n/a CVE
HIGH 8.8 CVE-2025-24777

WordPress Hillter theme <= 3.0.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7.

awethemes Hillter n/a CVE
HIGH 7.3 CVE-2025-40923

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely

Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seed...

MIYAGAWA Plack::Middleware::Session 0.01 CVE
HIGH 8.6 CVE-2025-40776

Birthday Attack against Resolvers supporting ECS

A `named` caching resolver that is configured to send ECS (EDNS Client Subnet) options may be vulnerable to a cache-poisoning attack. This issue af...

ISC BIND 9 9.11.3-S1 CVE
HIGH 8.2 CVE-2025-53923

Emlog vulnerable to reflected Cross-site Scripting in admin panel

Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including pro-2.5.17 allows remote a...

emlog emlog <= pro-2.5.17 CVE
HIGH 7.1 CVE-2025-37104

HPE Telco Service Orchestrator Software, Authenticated SQL Injection

A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to ...

Hewlett Packard Enterprise (HPE) HPE Telco Service Orchestrator CVE
HIGH 8.7 CVE-2025-5994

Cache poisoning via the ECS-enabled Rebirthday Attack

A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (EC...

NLnet Labs Unbound 1.6.2 CVE