Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2025-55346

Unintended dynamic code execution leads to remote code execution by network attackers_CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed ...

N/A N/A CVE
CRITICAL 9.8 CVE-2025-8943

Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers_CVE-2025-8943

The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's i...

N/A N/A CVE
CRITICAL 9.2 CVE-2025-34154

UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read_CVE-2025-34154

UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw res...

Synergetic Data Systems Inc. UnForm Server Manager * CVE
CRITICAL 9 CVE-2025-8904

Privilege escalation issue in Amazon EMR Secret Agent component_CVE-2025-8904

Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to th...

Amazon EMR 6.10 CVE
CRITICAL 10 CVE-2025-34153

Hyland OnBase .NET Remoting TCP Channel Unauthenticated RCE_CVE-2025-34153

Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure des...

Hyland Software OnBase * CVE
CRITICAL 9.8 THN:131B2CD2567...

Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws_THN:131B2CD256749DF271772E46F9669123

Zoom and Xerox have addres...

N/A N/A THN
CRITICAL 9.8 MALWAREBYTES:39...

Microsoft patches some very important vulnerabilities in August’s patch Tuesday_MALWAREBYTES:39A20F18B874CA3E305C434ACBABF352

In the August 2025 patch Tuesday round Microsoft fixed a total of 111 Microsoft vulnerabilities. A few of them are very important for people to app...

N/A N/A MALWAREBYTES
CRITICAL 9.4 CVE-2025-55168

WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php`_CVE-2025-55168

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vu...

LabRedesCefetRJ WeGIA < 3.4.8 CVE
CRITICAL 10 CVE-2025-55169

WeGIA Path Traversal at endpoint ‘html/socio/sistema/download_remessa.php’ via parameter ‘file’_CVE-2025-55169

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal v...

LabRedesCefetRJ WeGIA < 3.4.8 CVE
CRITICAL 9.7 CVE-2025-54382

Cherry Studio RCE Vulnerability Disclosure_CVE-2025-54382

Cherry Studio is a desktop client that supports multiple LLM providers. In version 1.5.1, a remote code execution (RCE) vulnerability exists in...

CherryHQ cherry-studio = 1.5.1 CVE