Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-33877

ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the pas...

apostrophecms apostrophe < 4.29.0 CVE
LOW 3.3 CVE-2026-21727

Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record

Cross-Tenant Legacy Correlation Disclosure and Deletion

Grafana Grafana Correlations 10.2.0 CVE
LOW 1.3 CVE-2025-12141

Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.n...

Grafana Grafana Alerting 8.0.0 CVE
LOW 2.9 CVE-2025-52641

Internal Filesystem Exploration vulnerability

HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such i...

HCL AION 2.0 CVE
LOW 2.7 CVE-2026-27769

Connected Workspaces: Malicious remote server can manipulate arbitrary user’s status

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 2.4 CVE-2026-27308

ColdFusion | Uncontrolled Resource Consumption (CWE-400)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application d...

Adobe ColdFusion CVE
LOW 2.4 CVE-2026-27307

ColdFusion | Uncontrolled Resource Consumption (CWE-400)

ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application d...

Adobe ColdFusion CVE
LOW 3.5 CVE-2026-34454

OAuth2 Proxy: Session cookie not cleared when rendering sign-in page

OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from c...

oauth2-proxy oauth2-proxy >= 7.11.0, < 7.15.2 CVE
LOW 2.7 CVE-2026-36952

CVE-2026-36952

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.

n/a n/a n/a CVE
LOW 2.7 CVE-2026-36950

CVE-2026-36950

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.

n/a n/a n/a CVE