Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2025-34117

Netcore / Netis Routers RCE via UDP Port 53413 Backdoor

A remote code execution vulnerability exists in multiple Netcore and Netis router models with firmware released prior to August 2014 due to the pr...

Netcore Technology Router firmware Prior to August 2014 CVE
CRITICAL 9.3 CVE-2025-34127

Achat v0.150 SEH Buffer Overflow via UDP

A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an ...

Achat Software Achat Chat Server 0.150 CVE
CRITICAL 9.3 CVE-2025-34125

D-Link DSP-W110A1 Cookie Command Injection

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware v...

D-Link DSP-W110A1 1.05B01 CVE
CRITICAL 9.3 CVE-2025-34132

LILIN DVR Command Injection via NTPUpdate in dvr_box

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server fie...

Merit LILIN DVR Firmware * CVE
CRITICAL 9.8 CVE-2025-5396

Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbacku...

Bearsthemes Bears Backup * CVE
CRITICAL 9.1 CVE-2025-53909

mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on Docker. A Server-Side Template Injection (SSTI) vulnerability exists in versio...

mailcow mailcow-dockerized < 2025-07 CVE
CRITICAL 9.8 CVE-2025-51630

CVE-2025-51630

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.

n/a n/a n/a CVE
CRITICAL 9.4 CVE-2025-53946

WeGIA vulnerable to SQL Injection in endpoint profile_paciente.php parameter id_fichamedica

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.5 CVE
CRITICAL 9.4 CVE-2025-54060

WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarInfoPessoal.php Endpoint

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.6 CVE
CRITICAL 9.4 CVE-2025-54058

WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarEndereco.php Endpoint

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.6 CVE