Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.3 CVE-2025-41259

SWUpdate Untrusted Script Execution via Signed Update TOCTOU_CVE-2025-41259

SWUpdate before 2026.05 is affected by a time-of-check time-of-use (TOCTOU) race condition that allows local unprivileged attackers to escalate pri...

sbabic SWUpdate CVE
HIGH 7.5 F60EDCA1-3AA0-

Wazuh-Deployment-Vulnerability-Monitoring-PoC_F60EDCA1-3AA0-58CC-8AFA-A4BA4188AE01

🛡️ Wazuh Deployment & Vulnerability Monitoring PoC. Overview: This Proof of Concept (PoC) demonstrates the deployment of a fresh Wazuh Manager instance...

N/A N/A GITHUBEXPLOIT
HIGH 8.8 9E8F733F-521E-

Exploit for Write-what-where Condition in Linux Linux_Kernel_9E8F733F-521E-504B-886D-5E1C5BC369E4

Local privilege escalation / Container escape: CVE-2026-43284 / CVE-2026-43500 Usage: CGOENABLED=0; go build -ldflags="-s -w" -o dirtyfrag ../dirty...

N/A N/A GITHUBEXPLOIT
HIGH 7.1 CVE-2025-15654

WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability_CVE-2025-15654

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows Reflected XSS. This...

Fox-themes Prague n/a CVE
HIGH 7.5 CVE-2026-41032

Phoenix Contact: Unauthenticated log download vulnerability in the firmware of CHARX SEC-3xxx charging controllers_CVE-2026-41032

It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information.

Phoenix Contact CHARX SEC-3150 1.0.0 CVE
HIGH 8.8 CVE-2025-15656

WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability_CVE-2025-15656

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from...

Mojoomla School Management n/a CVE
HIGH 7.6 CVE-2025-15655

WordPress School Management plugin <= 93.2.0 - SQL Injection vulnerability_CVE-2025-15655

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injecti...

Mojoomla School Management n/a CVE
HIGH 7.4 CVE-2025-14774

Communication analysis between the Card Reader and TP2CardReaderService daemon_CVE-2025-14774

Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

ABB T-MAC Plus 4.0-24 CVE
HIGH 8 CVE-2025-14773

Stored Cross-Site Scripting in ABB T-MAC Plus web application_CVE-2025-14773

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plu...

ABB T-MAC Plus 4.0-24 CVE
HIGH 8.8 CVE-2025-14772

Broken Access Control in ABB T-MAC Plus web application_CVE-2025-14772

Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

ABB T-MAC Plus 4.0-24 CVE