CRITICAL - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.8	CVE-2025-48293	WordPress Geo Mashup plugin <= 1.13.16 - Local File Inclusion vulnerability_CVE-2025-48293 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dylan Kuhn Geo Mashup all...	Dylan Kuhn	Geo Mashup n/a	Aug 14, 2025	CVE
CRITICAL 10	CVE-2025-25174	WordPress BeeTeam368 Extensions Plugin <= 1.9.4 - Local File Inclusion Vulnerability_CVE-2025-25174 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Exte...	beeteam368	BeeTeam368 Extensions n/a	Aug 14, 2025	CVE
CRITICAL 9.9	CVE-2025-24775	WordPress Forms <= 2.9.0 - Arbitrary File Upload Vulnerability_CVE-2025-24775 Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server. This issue affects Form...	Made I.T.	Forms n/a	Aug 14, 2025	CVE
CRITICAL 9.8	CVE-2025-55346	Unintended dynamic code execution leads to remote code execution by network attackers_CVE-2025-55346 User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed ...	N/A	N/A	Aug 14, 2025	CVE
CRITICAL 9.8	CVE-2025-8943	Unsupervised OS command execution leads to remote code execution by unauthenticated network attackers_CVE-2025-8943 The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's i...	N/A	N/A	Aug 14, 2025	CVE
CRITICAL 9.2	CVE-2025-34154	UnForm Server Manager < 10.1.12 Unauthenticated Arbitrary File Read_CVE-2025-34154 UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw res...	Synergetic Data Systems Inc.	UnForm Server Manager *	Aug 13, 2025	CVE
CRITICAL 9	CVE-2025-8904	Privilege escalation issue in Amazon EMR Secret Agent component_CVE-2025-8904 Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to th...	Amazon	EMR 6.10	Aug 13, 2025	CVE
CRITICAL 10	CVE-2025-34153	Hyland OnBase .NET Remoting TCP Channel Unauthenticated RCE_CVE-2025-34153 Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure des...	Hyland Software	OnBase *	Aug 13, 2025	CVE
CRITICAL 9.8	THN:131B2CD2567...	Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws_THN:131B2CD256749DF271772E46F9669123 ![](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=) Zoom and Xerox have addres...	N/A	N/A	Aug 13, 2025	THN
CRITICAL 9.8	MALWAREBYTES:39...	Microsoft patches some very important vulnerabilities in August’s patch Tuesday_MALWAREBYTES:39A20F18B874CA3E305C434ACBABF352 In the August 2025 patch Tuesday round Microsoft fixed a total of 111 Microsoft vulnerabilities. A few of them are very important for people to app...	N/A	N/A	Aug 13, 2025	MALWAREBYTES