Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.1 CVE-2025-5391

WooCommerce Purchase Orders <= 1.0.2 - Authenticated (Subscriber+) Arbitrary File Deletion_CVE-2025-5391

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delet...

bbioon WooCommerce Purchase Orders * CVE
HIGH 8.1 CVE-2025-42976

Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)_CVE-2025-42976

SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document app...

SAP_SE SAP NetWeaver Application Server ABAP (BIC Document) S4COREOP 104 CVE
HIGH 7.8 CVE-2025-55156

PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter_CVE-2025-55156

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter add_links in API /json/ad...

pyload pyload < 0.5.0b3.dev91 CVE
HIGH 8.6 CVE-2025-55161

Stirling-PDF SSRF vulnerability on /api/v1/convert/markdown/pdf_CVE-2025-55161

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/conv...

Stirling-Tools Stirling-PDF < 1.1.0 CVE
HIGH 8.6 CVE-2025-25235

Omnissa Secure Email Gateway (SEG) updates address Server-Side Request Forgery (SSRF) vulnerability_CVE-2025-25235

Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on U...

Omnissa Secure Email Gateway 2.32 and later CVE
HIGH 8.5 CVE-2025-55012

Zed AI Agent Remote Code Execution_CVE-2025-55012

Zed is a multiplayer code editor. Prior to version 0.197.3, the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) b...

zed-industries zed < 0.197.3 CVE
HIGH 8.6 CVE-2025-55150

Stirling-PDF SSRF vulnerability on /api/v1/convert/html/pdf_CVE-2025-55150

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/conv...

Stirling-Tools Stirling-PDF < 1.1.0 CVE
HIGH 8.6 CVE-2025-55151

Stirling-PDF SSRF vulnerability on /api/v1/convert/file/pdf_CVE-2025-55151

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" f...

Stirling-Tools Stirling-PDF < 1.1.0 CVE
HIGH 8.6 CVE-2025-40920

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl use insecurely generated nonces_CVE-2025-40920

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID do...

ETHER Catalyst::Authentication::Credential::HTTP 0.06 CVE
HIGH 8.6 CVE-2025-54878

Heap Buffer Overflow in NASA CryptoLib 1.4.0 `Crypto_TC_Check_IV_Setup`_CVE-2025-54878

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communicati...

nasa CryptoLib < 1.4.1 CVE