Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.8 CVE-2025-8576

CVE-2025-8576

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted...

Google Chrome 139.0.7258.66 CVE
HIGH 8.8 CVE-2025-8578

CVE-2025-8578

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML ...

Google Chrome 139.0.7258.66 CVE
HIGH 8.2 HACKREAD:6FA0F2...

15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)_HACKREAD:6FA0F26EBA6A96B664327E7A2451C977

A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin.…

N/A N/A HACKREAD
HIGH 8.8 CVE-2025-4796

Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is d...

arraytics Eventin – Event Manager, Events Calendar, Booking, Tickets and Registration * CVE
HIGH 7.1 CVE-2025-50466

CVE-2025-50466

OpenMetadata

n/a n/a n/a CVE
HIGH 8.1 CVE-2025-46414

EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts

The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to...

EG4 Electronics EG4 12kPV all versions CVE
HIGH 7.1 CVE-2025-50465

CVE-2025-50465

OpenMetadata

n/a n/a n/a CVE
HIGH 7.3 CVE-2025-8393

Dreame Technology iOS and Android Mobile Applications Improper Certificate Validation

A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when ...

Dreame Technology Dreamehome iOS app CVE
HIGH 8.8 CVE-2025-53520

EG4 Electronics EG4 Inverters Download of Code Without Integrity Check

The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitor...

EG4 Electronics EG4 12kPV all versions CVE
HIGH 7.5 CVE-2025-8355

XXE leading to SSRF

In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML con...

Xerox FreeFlow Core CVE