Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2025-34127

Achat v0.150 SEH Buffer Overflow via UDP_CVE-2025-34127

A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an ...

Achat Software Achat Chat Server 0.150 CVE
CRITICAL 9.3 CVE-2025-34125

D-Link DSP-W110A1 Cookie Command Injection_CVE-2025-34125

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware v...

D-Link DSP-W110A1 1.05B01 CVE
CRITICAL 9.3 CVE-2025-34132

LILIN DVR Command Injection via NTPUpdate in dvr_box_CVE-2025-34132

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server fie...

Merit LILIN DVR Firmware * CVE
CRITICAL 9.8 CVE-2025-5396

Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution_CVE-2025-5396

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbacku...

Bearsthemes Bears Backup * CVE
CRITICAL 9.1 CVE-2025-53909

mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template_CVE-2025-53909

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versio...

mailcow mailcow-dockerized < 2025-07 CVE
CRITICAL 9.8 CVE-2025-51630

CVE-2025-51630_CVE-2025-51630

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.

n/a n/a n/a CVE
CRITICAL 9.4 CVE-2025-53946

WeGIA vulnerable to SQL Injection in endpoint profile_paciente.php parameter id_fichamedica_CVE-2025-53946

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.5 CVE
CRITICAL 9.4 CVE-2025-54060

WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint_CVE-2025-54060

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.6 CVE
CRITICAL 9.4 CVE-2025-54058

WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarEndereco.php Endpoint_CVE-2025-54058

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.6 CVE
CRITICAL 9.4 CVE-2025-54061

WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarDoc.php Endpoint_CVE-2025-54061

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.6 CVE