Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.1 CVE-2026-27937

October: Reflected XSS via DataTable Form Widget

October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, a reflected Cross-Site Scripting (XSS) vulnerability was...

octobercms october >= 4.0.0, < 4.1.16 CVE
LOW 3.7 CVE-2026-40279

BACnet Stack: Undefined-behavior signed left shift in `decode_signed32()`

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c recons...

bacnet-stack bacnet-stack < 1.4.3 CVE
LOW 3.7 CVE-2025-31958

HCL BigFix Service Management (SM) is susceptible to HTTP Request Smuggling

HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requ...

HCLSoftware BigFix Service Management (SM) 23 CVE
LOW 3.2 CVE-2026-31369

Privilege Bypass in PcManager

PcManager is affected by a type privilege bypass. Successful exploitation of this vulnerability may affect service availability.

Honor PcManager 1.0.0.2 CVE
LOW 2 CVE-2026-40264

OpenBao’s Token Store Allows Cross-Namespace Renewal, Revocation

OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a...

openbao openbao < 2.5.3 CVE
LOW 3.1 CVE-2026-39396

OpenBao has Decompression Bomb via Unbounded Copy in OCI Plugin Extraction (DoS)

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin down...

openbao openbao < 2.5.3 CVE
LOW 2 CVE-2026-39388

OpenBao’s Certificate Authentication Allows Token Renewal With Different Certificate

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a tok...

openbao openbao < 2.5.3 CVE
LOW 2 CVE-2026-41330

OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Do...

OpenClaw OpenClaw CVE
LOW 2.3 CVE-2026-22051

CVE-2026-22051

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to an Information Disclosure vulnerability. Suc...

NETAPP StorageGRID (formerly StorageGRID Webscale) CVE
LOW 2.3 CVE-2026-0930

Potential wolfSSHd Buffer out-of-bounds Read on Windows Handling Terminal Resize

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of...

wolfSSL wolfSSH 1.4.15 CVE