LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.1	CVE-2026-34224	Parse Server: MFA single-use token bypass via concurrent authData login requests_CVE-2026-34224 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8,...	parse-community	parse-server < 8.6.64	Mar 31, 2026	CVE
LOW 2	CVE-2026-33073	discourse-subscriptions plugin leaking stripe API key in multisite environment_CVE-2026-33073 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.3	Mar 31, 2026	CVE
LOW 2.1	CVE-2026-32607	Discourse: Stored XSS via unescaped assignee name_CVE-2026-32607 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.3	Mar 31, 2026	CVE
LOW 2.7	CVE-2026-34203	Nautobot: Management of users via REST API does not apply configured password validators_CVE-2026-34203 Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST ...	nautobot	nautobot < 2.4.30	Mar 31, 2026	CVE
LOW 3.8	CVE-2026-3470	CVE-2026-3470_CVE-2026-3470 A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a re...	SonicWall	Email Security 10.0.34.8215 and earlier versions	Mar 31, 2026	CVE
LOW 2.7	CVE-2026-3469	CVE-2026-3469_CVE-2026-3469 A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authen...	SonicWall	Email Security 10.0.34.8215 and earlier versions	Mar 31, 2026	CVE
LOW 3.3	CVE-2026-35094	Libinput: libinput: information disclosure via dangling pointer in lua plugin handling_CVE-2026-35094 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vuln...	Red Hat	Red Hat Enterprise Linux 10	Apr 1, 2026	CVE
LOW 3.7	CVE-2025-67806	CVE-2025-67806_CVE-2025-67806 The login mechanism of Sage DPW 2021_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts ...	n/a	n/a n/a	Apr 1, 2026	CVE
LOW 2	CVE-2026-5310	Enter Software Iperius Backup IperiusAccounts.ini hard-coded key_CVE-2026-5310 A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such...	Enter Software	Iperius Backup 8.7.0	Apr 1, 2026	CVE
LOW 2.3	CVE-2026-5199	Cross Namespace Access via Batch Operation_CVE-2026-5199 A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cl...	Temporal Technologies, Inc.	temporal 1.29.0	Apr 1, 2026	CVE