HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.9	CVE-2025-49839	GHSL-2025-051: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49839 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...	RVC-Boss	GPT-SoVITS <= 20250228v3	Jul 15, 2025	CVE
HIGH 8.9	CVE-2025-49838	GHSL-2025-050: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49838 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...	RVC-Boss	GPT-SoVITS <= 20250228v3	Jul 15, 2025	CVE
HIGH 8.9	CVE-2025-49837	GHSL-2025-049: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49837 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...	RVC-Boss	GPT-SoVITS <= 20250228v3	Jul 15, 2025	CVE
HIGH 8.9	CVE-2025-49841	GHSL-2025-053: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49841 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...	RVC-Boss	GPT-SoVITS <= 20250228v3	Jul 15, 2025	CVE
HIGH 8.9	CVE-2025-49840	GHSL-2025-052: GPT-SoVITS Deserialization of Untrusted Data vulnerability_CVE-2025-49840 GPT-SoVITS-WebUI is a voice conversion and text-to-speech webUI. In versions 20250228v3 and prior, there is an unsafe deserialization vulnerability...	RVC-Boss	GPT-SoVITS <= 20250228v3	Jul 15, 2025	CVE
HIGH 7.2	CVE-2025-2800	WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name'_CVE-2025-2800 The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Script...	wpeventmanager	WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce *	Jul 16, 2025	CVE
HIGH 8.2	CVE-2025-7359	Counter live visitors for WooCommerce <= 1.3.6 - Unauthenticated Arbitrary File Deletion in wcvisitor_get_block_CVE-2025-7359 The Counter live visitors for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in...	danielriera	Counter live visitors for WooCommerce *	Jul 16, 2025	CVE
HIGH 8.1	CVE-2025-6043	Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal <= 16.8 - Authenticated (Subscriber+) Arbitrary File Deletion_CVE-2025-6043 The Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal plugin for WordPress is vulnerable to Arbitrary File Deletion due to a missi...	malcure	Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal *	Jul 16, 2025	CVE
HIGH 8.1	CVE-2025-52690	Command Injection Vulnerability in the OmniAccess Stellar over UDP Service_CVE-2025-52690 Successful exploitation of the vulnerability could allow an attacker to execute arbitrary commands as root, potentially leading to the loss of conf...	Alcatel-Lucent	OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier	Jul 16, 2025	CVE
HIGH 7.5	CVE-2025-6993	Ultimate WP Mail 1.0.17 – 1.3.6 – Missing Authorization to Authenticated (Contributor+) Privilege Escalation via get_email_log_details Function_CVE-2025-6993 The Ultimate WP Mail plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization within the get_email_log_details() AJ...	rustaurius	Ultimate WP Mail 1.0.17	Jul 16, 2025	CVE