Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2026-21715

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all ...

nodejs node 20.20.1 CVE
LOW 3.1 CVE-2026-32696

NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication)...

nanomq nanomq >= 0.24.6, < 0.24.7 CVE
LOW 3.6 CVE-2026-5115

Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embed...

PaperCut Papercut NG/MF CVE
LOW 2.1 CVE-2026-4794

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary we...

PaperCut PaperCut NG/MF CVE
LOW 1.7 CVE-2026-34073

cryptography has incomplete DNS name constraint enforcement on peer names

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constrain...

pyca cryptography < 46.0.6 CVE
LOW 2.3 CVE-2026-34506

OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration

OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass ...

OpenClaw OpenClaw CVE
LOW 2.5 CVE-2026-32970

OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs

OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretR...

OpenClaw OpenClaw CVE
LOW 3.1 CVE-2026-0397

Information disclosure via CORS misconfiguration

When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged in to the dashboard into visi...

PowerDNS DNSdist 1.9.0 CVE
LOW 3.1 CVE-2026-0396

HTML injection in the web dashboard

An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-...

PowerDNS DNSdist 1.9.0 CVE
LOW 2.8 CVE-2026-33762

go-git: Missing validation decoding Index v4 files leads to panic

go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails t...

go-git go-git < 5.17.1 CVE