Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2025-7693

Rockwell Automation Micro800 Vulnerability_CVE-2025-7693

A security issue exists due to improper handling of malformed CIP Forward Close packets during fuzzing. The controller enters a solid red Fault LED...

Rockwell Automation PLC - Micro850 L50E V20.011 - V22.011 CVE
CRITICAL 9.4 CVE-2025-55299

VaulTLS has a password-based login exploit in additional user accounts_CVE-2025-55299

VaulTLS is a modern solution for managing mTLS (mutual TLS) certificates. Prior to 0.9.1, user accounts created through the User web UI have an emp...

7ritn VaulTLS < 0.9.1 CVE
CRITICAL 9.1 CVE-2025-55283

aiven-db-migrate allows Privilege Escalation through use of psql during migration_CVE-2025-55283

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superu...

aiven aiven-db-migrate < 1.0.7 CVE
CRITICAL 9.1 CVE-2025-55282

aiven-db-migrate allows Privilege Escalation via unrestricted search_path during migration_CVE-2025-55282

aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows a user to elevate t...

aiven aiven-db-migrate < 1.0.7 CVE
CRITICAL 9.1 CVE-2025-55205

Capsule tenant owners with “patch namespace” permission can hijack system namespaces label_CVE-2025-55205

Capsule is a multi-tenancy and policy-based framework for Kubernetes. A namespace label injection vulnerability in Capsule v0.10.3 and earlier allo...

projectcapsule capsule < 0.10.4 CVE
CRITICAL 9.1 CVE-2025-54117

NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor_CVE-2025-54117

NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before ...

NamelessMC Nameless < 2.2.4 CVE
CRITICAL 10 THN:F4D91F2B1CE...

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More_THN:F4D91F2B1CE4FE092D90DFDDFE668F67

Power doesn't ...

N/A N/A THN
CRITICAL 9.8 CVE-2025-31715

CVE-2025-31715_CVE-2025-31715

In vowifi service, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege with n...

Unisoc (Shanghai) Technologies Co., Ltd. SL8521E/SL8521ET/SL8541E/UIS8141E/UWS6137/UWS6137E/UWS6151(E)/UWS6152 Mocor5/Android8.1/Android9 CVE
CRITICAL 9.8 CVE-2025-8898

Taxi Booking Manager for Woocommerce | E-cab <= 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation via Account Takeover_CVE-2025-8898

The Taxi Booking Manager for Woocommerce | E-cab plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up...

magepeopleteam E-cab Taxi Booking Manager for Woocommerce * CVE
CRITICAL 9.8 CVE-2025-7441

StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload_CVE-2025-7441

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs...

storychief StoryChief * CVE