Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.7 CVE-2025-7054

Infinite loop triggered by connection ID retirement

Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connection...

Cloudflare quiche 0.15.0 CVE
HIGH 8 THN:32407BD0F71...

Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups_THN:32407BD0F7118896742F7551C35B6CE4

...

N/A N/A THN
HIGH 7.5 CVE-2025-21477

Improper Input Validation in Modem

Transient DOS while processing CCCH data when NW sends data with invalid length.

Qualcomm, Inc. Snapdragon 315 5G IoT Modem CVE
HIGH 7.5 CVE-2025-35970

CVE-2025-35970

On multiple products of SEIKO EPSON and FUJIFILM Corporation, the initial administrator password is easy to guess from the information available vi...

SEIKO EPSON Multiple EPSON product see the information provided by the vendor CVE
HIGH 8.8 CVE-2025-29866

CVE-2025-29866

External Control of File Name or Path vulnerability in TAGFREE X-Free Uploader XFU allows Parameter Injection. This issue affects X-Free Uploade...

TAGFREE X-Free Uploader 1.0.1.0084 CVE
HIGH 8.7 CVE-2025-29865

CVE-2025-29865

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TAGFREE X-Free Uploader XFU allows Path Traversal...

TAGFREE X-Free Uploader 1.0.1.0084 CVE
HIGH 7 CVE-2025-3770

SMM IDT Privilege Escalation Vulnerability

EDK2 contains a vulnerability in BIOS where an attacker may cause "Protection Mechanism Failure" by local access. Successful exploitation of this v...

TianoCore EDK2 CVE
HIGH 7.1 CVE-2025-54882

Himmelblau’s Kerberos credential cache collection is world readable

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Him...

himmelblau-idm himmelblau >= 0.8.0, < 0.9.22 CVE
HIGH 8.6 CVE-2025-54784

SuiteCRM is vulnerable to Cross Site Scripting (XSS) through its email viewer

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a Cross Site Scripting (XSS) vul...

SuiteCRM SuiteCRM >= 7.14.0, < 7.14.7 CVE
HIGH 8.7 CVE-2025-7769

Improper Neutralization of Special Elements used in a Command (‘Command Injection’) in Tigo Energy Cloud Connect Advanced

Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, al...

Tigo Energy Cloud Connect Advanced CVE