Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2025-30973

WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability_CVE-2025-30973

Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS allows Object Injection. This issue affects CoSchool LMS: from n/a t...

Codexpert, Inc CoSchool LMS n/a CVE
CRITICAL 9.8 CVE-2025-30949

WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability_CVE-2025-30949

Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram allows Object Injection. This issue affects Site Chat on Telegra...

Guru Team Site Chat on Telegram n/a CVE
CRITICAL 9.3 CVE-2025-30936

WordPress Torod plugin <= 1.9 - SQL Injection Vulnerability_CVE-2025-30936

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Torod Company for Information Technology Toro...

Torod Company for Information Technology Torod n/a CVE
CRITICAL 10 CVE-2025-29009

WordPress Medical Prescription Attachment Plugin for WooCommerce <= 1.2.3 - Arbitrary File Upload Vulnerability_CVE-2025-29009

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce allows Upload a Web ...

Webkul Medical Prescription Attachment Plugin for WooCommerce n/a CVE
CRITICAL 9.3 CVE-2025-28982

WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability_CVE-2025-28982

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This...

ThimPress WP Pipes n/a CVE
CRITICAL 9.8 CVE-2025-28961

WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability_CVE-2025-28961

Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener allows Object Injection. This issue affects URL Shortener: fro...

Md Yeasin Ul Haider URL Shortener n/a CVE
CRITICAL 9.3 CVE-2025-28959

WordPress URL Shortener <= 3.0.7 - SQL Injection Vulnerability_CVE-2025-28959

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Md Yeasin Ul Haider URL Shortener allows SQL ...

Md Yeasin Ul Haider URL Shortener n/a CVE
CRITICAL 9.3 CVE-2025-24759

WordPress WP-BusinessDirectory <= 3.1.3 - SQL Injection Vulnerability_CVE-2025-24759

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plug...

CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory n/a CVE
CRITICAL 10 CVE-2025-34300

Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE_CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl ...

Sawtooth Software Lighthouse Studio * CVE
CRITICAL 9.4 CVE-2025-53937

WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint_CVE-2025-53937

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.5 CVE