Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.1 CVE-2025-54882

Himmelblau’s Kerberos credential cache collection is world readable_CVE-2025-54882

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Him...

himmelblau-idm himmelblau >= 0.8.0, < 0.9.22 CVE
HIGH 8.6 CVE-2025-54784

SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer_CVE-2025-54784

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vul...

SuiteCRM SuiteCRM >= 7.14.0, < 7.14.7 CVE
HIGH 8.7 CVE-2025-7769

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) in Tigo Energy Cloud Connect Advanced_CVE-2025-7769

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, al...

Tigo Energy Cloud Connect Advanced CVE
HIGH 8.7 CVE-2025-7770

Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced_CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable met...

Tigo Energy Cloud Connect Advanced CVE
HIGH 7.5 CVE-2025-21452

Reachable Assertion in Modem_CVE-2025-21452

Transient DoS while processing a random-access response (RAR) with an invalid PDU length on an LTE network.

Qualcomm, Inc. Snapdragon 315 5G IoT Modem CVE
HIGH 7.8 CVE-2025-21458

Use After Free in NPU_CVE-2025-21458

Memory corruption when the IOCTL interface is called to map and unmap buffers simultaneously.

Qualcomm, Inc. Snapdragon FastConnect 6900 CVE
HIGH 7.8 CVE-2025-21461

Out-of-bounds Write in Camera_Linux_CVE-2025-21461

Memory corruption when programming registers through virtual CDM.

Qualcomm, Inc. Snapdragon FastConnect 6900 CVE
HIGH 7.8 CVE-2025-21473

Time-of-check Time-of-use (TOCTOU) Race Condition in Camera_Linux_CVE-2025-21473

Memory corruption when using virtual CDM (Camera Data Mover) to write registers.

Qualcomm, Inc. Snapdragon FastConnect 6900 CVE
HIGH 7.8 CVE-2025-21474

Use After Free in BTHOST_CVE-2025-21474

Memory corruption while processing commands from A2dp sink command queue.

Qualcomm, Inc. Snapdragon FastConnect 6800 CVE
HIGH 8.8 CVE-2025-54788

SuiteCRM: Authenticated Blind SQL Injection in InboundEmail module

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions and below, the InboundEmail m...

SuiteCRM SuiteCRM < 7.14.7 CVE