Recent Advisories

Severity ID Title Vendor Product Date Type

CRITICAL 9.3 1ECCA324-B41F-
Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller_1ECCA324-B41F-5BF1-AFB8-3822010A8AE1
Exploit for CVE-2025-5777: Citrix NetScaler Memory Disclosure (CitrixBleed 2) [T1606] Description External,...
N/A N/A GITHUBEXPLOIT

CRITICAL 9.8 CVE-2025-54143
CVE-2025-54143_CVE-2025-54143
Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent p...
Mozilla Firefox for iOS unspecified CVE

CRITICAL 9.1 CVE-2025-54145
CVE-2025-54145_CVE-2025-54145
The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text ...
Mozilla Firefox for iOS unspecified CVE

CRITICAL 9.8 CVE-2025-55031
CVE-2025-55031_CVE-2025-55031
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth rang...
Mozilla Firefox for iOS unspecified CVE

CRITICAL 9.8 CVE-2025-8042
CVE-2025-8042_CVE-2025-8042
Firefox for Android allowed a sandboxed iframe without the `allow-downloads` attribute to start downloads. This vulnerability affects Firefox < 141.
Mozilla Firefox unspecified CVE

CRITICAL 9.3 CVE-2025-55746
Directus allows unauthenticated file upload and file modification due to lacking input sanitization_CVE-2025-55746
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file u...
directus directus >= 10.8.0, < 11.9.3 CVE

CRITICAL 9 F71DE4F4-E39E-
Exploit for Improper Neutralization of Script in Attributes in a Web Page in Xwiki Rendering_F71DE4F4-E39E-5ABF-9793-1DB0F48EAAE8
XWiki Rendering XWiki Rendering is a generic Rendering system that converts textual input in...
N/A N/A GITHUBEXPLOIT

CRITICAL 9.3 CVE-2025-9074
Docker Desktop allows unauthenticated access to Docker Engine API from containers_CVE-2025-9074
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Dock...
Docker Docker Desktop 4.25 CVE

CRITICAL 9.8 CVE-2025-27129
CVE-2025-27129_CVE-2025-27129
An authentication bypass vulnerability exists in the HTTP authentication functionality of Tenda AC6 V5.0 V02.03.01.110. A specially crafted HTTP re...
Tenda AC6 V5.0 V02.03.01.110 CVE

CRITICAL 10 CVE-2025-53577
WordPress Global DNS Plugin <= 3.1.0 - Remote Code Execution (RCE) Vulnerability_CVE-2025-53577
Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global...
thehp Global DNS n/a CVE