Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2025-54072

yt-dlp allows `--exec` command injection when using placeholder on Windows_CVE-2025-54072

yt-dlp is a feature-rich command-line audio/video downloader. In versions 2025.06.25 and below, when the --exec option is used on Windows with the ...

yt-dlp yt-dlp < 2025.07.21 CVE
HIGH 8.7 CVE-2025-53703

DuraComm DP-10iN-100-MU Cleartext Transmission of Sensitive Information_CVE-2025-53703

DuraComm SPM-500 DP-10iN-100-MU transmits sensitive data without encryption over a channel that could be intercepted by attackers.

DuraComm Corporation SPM-500 DP-10iN-100-MU CVE
HIGH 7.5 CVE-2025-53538

Suricata’s mishandling of data on HTTP2 stream 0 can lead to resource starvation_CVE-2025-53538

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions ...

OISF suricata < 7.0.11 CVE
HIGH 8.7 CVE-2025-48733

DuraComm DP-10iN-100-MU Missing Authentication for Critical Function_CVE-2025-48733

DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to rep...

DuraComm Corporation SPM-500 DP-10iN-100-MU CVE
HIGH 8.6 CVE-2025-7766

Lantronix Provisioning Manager Improper Restriction of XML External Entity Reference_CVE-2025-7766

Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthen...

Lantronix Provisioning Manager CVE
HIGH 7.2 CVE-2025-41425

DuraComm DP-10iN-100-MU Cross-site Scripting_CVE-2025-41425

DuraComm SPM-500 DP-10iN-100-MU is vulnerable to a cross-site scripting attack. This could allow an attacker to prevent legitimate users from acc...

DuraComm Corporation SPM-500 DP-10iN-100-MU CVE
HIGH 7.3 CVE-2025-43022

Poly Clariti Manager – Multiple Security Vulnerabilities_CVE-2025-43022

A potential SQL injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allo...

HP Inc. Poly Clariti Manager See HP Security Bulletin reference for affected versions. CVE
HIGH 8.7 CVE-2025-8060

Tenda AC23 httpd setMacFilterCfg sub_46C940 stack-based overflow_CVE-2025-8060

A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of t...

Tenda AC23 16.03.07.52 CVE
HIGH 8.8 CVE-2025-7722

Social Streams <= 1.2.1 - Authenticated (Subscriber+) Privilege Escalation_CVE-2025-7722

The Social Streams plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.1. This is due to the plugi...

steverio Social Streams * CVE
HIGH 8.8 CVE-2025-6190

Realty Portal – Agent <= 0.3.9 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via rp_user_profile() Function_CVE-2025-6190

The Realty Portal – Agent plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization within the rp_user_profile() AJAX...

nootheme Realty Portal – Agent * CVE