Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2025-55031

CVE-2025-55031

Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth rang...

Mozilla Firefox for iOS unspecified CVE
CRITICAL 9.8 CVE-2025-8042

CVE-2025-8042

Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141.

Mozilla Firefox unspecified CVE
CRITICAL 9.3 CVE-2025-55746

Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file u...

directus directus >= 10.8.0, < 11.9.3 CVE
CRITICAL 9 F71DE4F4-E39E-

Exploit for Improper Neutralization of Script in Attributes in a Web Page in Xwiki Rendering (F71DE4F4-E39E-5ABF-9793-1DB0F48EAAE8)

XWiki Rendering is a generic Rendering system that converts textual input in...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 CVE-2025-9074

Docker Desktop allows unauthenticated access to Docker Engine API from containers

A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Dock...

Docker Docker Desktop 4.25 CVE
CRITICAL 9.8 CVE-2025-27129

CVE-2025-27129

An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP re...

Tenda AC6 V5.0 V02.03.01.110 CVE
CRITICAL 10 CVE-2025-53577

WordPress Global DNS Plugin <= 3.1.0 - Remote Code Execution (RCE) Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global...

thehp Global DNS n/a CVE
CRITICAL 9.8 CVE-2025-53580

WordPress Simple Business Directory Pro Plugin < 15.6.9 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation. This issue affects Simple B...

quantumcloud Simple Business Directory Pro n/a CVE
CRITICAL 9.8 CVE-2025-53299

WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ThemeMakers ThemeMakers Visual Content Composer allows Object Injection. This issue affects Them...

ThemeMakers ThemeMakers Visual Content Composer n/a CVE
CRITICAL 9.9 CVE-2025-53213

WordPress ReachShip WooCommerce Multi-Carrier & Conditional Shipping <= 4.3.1 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping allows Usi...

ELEXtensions ReachShip WooCommerce Multi-Carrier & Conditional Shipping n/a CVE