LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.3	CVE-2026-42445	NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion_CVE-2026-42445 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesy...	M2Team	NanaZip >= 5.0.1250.0, < 6.0.1698.0	May 12, 2026	CVE
LOW 3.3	CVE-2026-42444	NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount_CVE-2026-42444 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem i...	M2Team	NanaZip >= 5.0.1250.0, < 6.0.1698.0	May 12, 2026	CVE
LOW 3.3	CVE-2026-42443	NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation_CVE-2026-42443 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image par...	M2Team	NanaZip >= 5.0.1250.0, < 6.0.1698.0	May 12, 2026	CVE
LOW 3.3	CVE-2026-42442	NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink_CVE-2026-42442 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image pa...	M2Team	NanaZip >= 5.0.1250.0, < 6.0.1698.0	May 12, 2026	CVE
LOW 3.3	CVE-2026-42355	NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion_CVE-2026-42355 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archiv...	M2Team	NanaZip >= 5.0.1250.0, < 6.0.1698.0	May 12, 2026	CVE
LOW 3.2	CVE-2026-44220	ciguard: discover_pipeline_files follows symlinks out of scan root_CVE-2026-44220 ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discover_pipeline_files() function in src/ciguard/discovery.py ...	Jo-Jo98	ciguard >= 0.8.0, < 0.8.2	May 12, 2026	CVE
LOW 3.7	CVE-2026-44219	ciguard: SCA HTTP client reads response body without size cap_CVE-2026-44219 ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/cigua...	Jo-Jo98	ciguard >= 0.6.0, < 0.8.2	May 12, 2026	CVE
LOW 3	CVE-2026-44218	ciguard: Container image runs as root (no USER directive)_CVE-2026-44218 ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the d...	Jo-Jo98	ciguard >= 0.1.0, < 0.8.2	May 12, 2026	CVE
LOW 3.4	CVE-2026-34685	Adobe Commerce \| Improper Input Validation (CWE-20)_CVE-2026-34685 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says '...	Adobe	Adobe Commerce	May 12, 2026	CVE
LOW 2.1	CVE-2026-44278	CVE-2026-44278_CVE-2026-44278 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may all...	Fortinet	FortiClientWindows 7.4.0	May 12, 2026	CVE