CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.3	CVE-2025-52720	WordPress Super Store Finder Plugin <= 7.5 - SQL Injection Vulnerability_CVE-2025-52720 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Inje...	highwarden	Super Store Finder n/a	Aug 14, 2025	CVE
CRITICAL 9.9	CVE-2025-49887	WordPress Product XML Feed Manager for WooCommerce Plugin <= 2.9.3 - Remote Code Execution (RCE) Vulnerability_CVE-2025-49887 Improper Control of Generation of Code ('Code Injection') vulnerability in WPFactory Product XML Feed Manager for WooCommerce allows Remote Code In...	WPFactory	Product XML Feed Manager for WooCommerce n/a	Aug 14, 2025	CVE
CRITICAL 9.3	CVE-2025-49059	WordPress CleverReach® WP Plugin <= 1.5.20 - SQL Injection Vulnerability_CVE-2025-49059 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CleverReach® CleverReach® WP allows SQL Injec...	CleverReach®	CleverReach® WP n/a	Aug 14, 2025	CVE
CRITICAL 9.8	CVE-2025-48293	WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability_CVE-2025-48293 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup all...	Dylan Kuhn	Geo Mashup n/a	Aug 14, 2025	CVE
CRITICAL 10	CVE-2025-25174	WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability_CVE-2025-25174 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Exte...	beeteam368	BeeTeam368 Extensions n/a	Aug 14, 2025	CVE
CRITICAL 9.9	CVE-2025-24775	WordPress Forms <= 2.9.0 - Arbitrary File Upload Vulnerability_CVE-2025-24775 Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Form...	Made I.T.	Forms n/a	Aug 14, 2025	CVE
CRITICAL 9.8	CVE-2025-55346	Unintended dynamic code execution leads to remote code execution by network attackers_CVE-2025-55346 User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed ...	N/A	N/A	Aug 14, 2025	CVE
CRITICAL 9.8	CVE-2025-8943	Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers_CVE-2025-8943 The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's i...	N/A	N/A	Aug 14, 2025	CVE
CRITICAL 9.2	CVE-2025-34154	UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read_CVE-2025-34154 UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw res...	Synergetic Data Systems Inc.	UnForm Server Manager *	Aug 13, 2025	CVE
CRITICAL 9	CVE-2025-8904	Privilege escalation issue in Amazon EMR Secret Agent component_CVE-2025-8904 Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to th...	Amazon	EMR 6.10	Aug 13, 2025	CVE