Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.3 CVE-2025-24759

WordPress WP-BusinessDirectory <= 3.1.3 - SQL Injection Vulnerability_CVE-2025-24759

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CMSJunkie - WordPress Business Directory Plug...

CMSJunkie - WordPress Business Directory Plugins WP-BusinessDirectory n/a CVE
CRITICAL 10 CVE-2025-34300

Sawtooth Software Lighthouse Studio < 9.16.14 Pre-Authentication RCE_CVE-2025-34300

A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl ...

Sawtooth Software Lighthouse Studio * CVE
CRITICAL 9.4 CVE-2025-53937

WeGIA has SQL Injection (Blind Time-Based) Vulnerability in `cargo` Parameter on `control.php` Endpoint_CVE-2025-53937

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identifi...

LabRedesCefetRJ WeGIA < 3.4.5 CVE
CRITICAL 10 CVE-2025-20337

Cisco ISE API Unauthenticated Remote Code Execution Vulnerability_CVE-2025-20337

A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the u...

Cisco Cisco Identity Services Engine Software 3.3.0 CVE
CRITICAL 9.3 CVE-2025-34121

Idera Up.Time ≤ 7.2 post2file.php Arbitrary File Upload RCE_CVE-2025-34121

An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/po...

Idera Up.Time Monitoring Station * CVE
CRITICAL 9.3 CVE-2025-34117

Netcore / Netis Routers RCE via UDP Port 53413 Backdoor_CVE-2025-34117

A remote code execution vulnerability exists in multiple Netcore and Netis router models with firmware released prior to August 2014 due to the pr...

Netcore Technology Router firmware Prior to August 2014 CVE
CRITICAL 9.3 CVE-2025-34127

Achat v0.150 SEH Buffer Overflow via UDP_CVE-2025-34127

A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an ...

Achat Software Achat Chat Server 0.150 CVE
CRITICAL 9.3 CVE-2025-34125

D-Link DSP-W110A1 Cookie Command Injection_CVE-2025-34125

An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware v...

D-Link DSP-W110A1 1.05B01 CVE
CRITICAL 9.3 CVE-2025-34132

LILIN DVR Command Injection via NTPUpdate in dvr_box_CVE-2025-34132

A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server fie...

Merit LILIN DVR Firmware * CVE
CRITICAL 9.8 CVE-2025-5396

Bears Backup <= 2.0.0 - Unauthenticated Remote Code Execution_CVE-2025-5396

The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbacku...

Bearsthemes Bears Backup * CVE