Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.8 CVE-2026-2239

Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow

A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Ph...

Red Hat Red Hat Enterprise Linux 7 CVE
LOW 3.1 CVE-2026-0968

Libssh: libssh: denial of service due to malformed sftp message

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field w...

Red Hat Red Hat Enterprise Linux 10 CVE
LOW 2.2 CVE-2026-0967

Libssh: libssh: denial of service via inefficient regular expression processing

A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that ...

Red Hat Red Hat Enterprise Linux 10 CVE
LOW 3.3 CVE-2026-0965

Libssh: libssh: denial of service via improper configuration file handling

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providin...

Red Hat Red Hat Enterprise Linux 10 CVE
LOW 2.3 CVE-2026-33658

Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's...

rails activestorage >= 8.1.0, < 8.1.2.1 CVE
LOW 2 CVE-2026-33674

PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 ...

PrestaShop PrestaShop < 8.2.5 CVE
LOW 3.1 CVE-2026-29071

Open WebUI’s Insecure Direct Object Reference (IDOR) allows access to other users’ memories

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user c...

open-webui open-webui < 0.8.6 CVE
LOW 3.7 CVE-2026-27860

CVE-2026-27860

If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassi...

Open-Xchange GmbH OX Dovecot Pro CVE
LOW 1.2 CVE-2026-33284

GlobaLeaks has insufficient URL validation in user support API

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal valid...

globaleaks globaleaks-whistleblowing-software < 5.0.89 CVE
LOW 2.3 CVE-2026-4958

OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgent...

OpenBMB XAgent 1.0.0 CVE