LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 1.7	CVE-2026-57435	Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`_CVE-2026-57435 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 1.7	CVE-2026-57434	Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classes_CVE-2026-57434 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain me...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 1.7	CVE-2026-57236	Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception_CVE-2026-57236 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid enco...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 2.6	CVE-2026-57234	Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247_CVE-2026-57234 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 2	CVE-2026-13314	Stored XSS in pretix-digital_CVE-2026-13314 Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.	pretix	pretix-digital	Jun 25, 2026	CVE
LOW 2.2	CVE-2026-57438	Nokogiri: Possible Use-After-Free in XInclude Processing_CVE-2026-57438 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XM...	sparklemotion	nokogiri < 1.19.4	Jun 25, 2026	CVE
LOW 2	CVE-2026-56130	Apache Shiro: Remember-me cookie isn’t checked for expiry on the server_CVE-2026-56130 "Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, ...	Apache Software Foundation	Apache Shiro 1.2.4	Jun 25, 2026	CVE
LOW 2.4	CVE-2026-45188	Apache Kvrocks: Replication Fullsync Path Traversal via Unvalidated Filename Handling_CVE-2026-45188 Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to u...	Apache Software Foundation	Apache Kvrocks 1.0.0	Jun 25, 2026	CVE
LOW 3.1	CVE-2026-3176	Missing Authorization in GitLab_CVE-2026-3176 GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under ...	GitLab	GitLab 18.6	Jun 25, 2026	CVE
LOW 3.8	CVE-2026-0934	Incorrect Authorization in GitLab_CVE-2026-0934 GitLab has remediated an issue in GitLab EE affecting all versions from 17.9 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under ...	GitLab	GitLab 17.9	Jun 25, 2026	CVE