Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2025-47908

Denial of service via malicious preflight requests in github.com/rs/cors

Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include an Access-Control-Request-Heade...

github.com/rs/cors github.com/rs/cors 1.9.0 CVE
HIGH 8.6 CVE-2025-51055

CVE-2025-51055

Insecure Data Storage of credentials has been found in /api_vedo/configuration/config.yml file in Vedo Suite version 2024.17. This file contains cl...

n/a n/a n/a CVE
HIGH 8.2 CVE-2025-51056

CVE-2025-51056

An unrestricted file upload vulnerability in Vedo Suite version 2024.17 allows remote authenticated attackers to write to arbitrary filesystem path...

n/a n/a n/a CVE
HIGH 8.8 CVE-2025-8576

CVE-2025-8576

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted...

Google Chrome 139.0.7258.66 CVE
HIGH 8.8 CVE-2025-8578

CVE-2025-8578

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML ...

Google Chrome 139.0.7258.66 CVE
HIGH 8.2 HACKREAD:6FA0F2...

15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)_HACKREAD:6FA0F26EBA6A96B664327E7A2451C977

A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin.…

N/A N/A HACKREAD
HIGH 8.8 CVE-2025-4796

Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is d...

arraytics Eventin – Event Manager, Events Calendar, Booking, Tickets and Registration * CVE
HIGH 7.1 CVE-2025-50466

CVE-2025-50466

OpenMetadata

n/a n/a n/a CVE
HIGH 8.1 CVE-2025-46414

EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to...

EG4 Electronics EG4 12kPV all versions CVE
HIGH 7.1 CVE-2025-50465

CVE-2025-50465

OpenMetadata

n/a n/a n/a CVE