Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-35537


An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arb...

Roundcube Webmail CVE
LOW 3.1 CVE-2026-35538


An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CS...

Roundcube Webmail CVE
LOW 2 CVE-2026-5473

NASA cFS Pickle pickle.load deserialization

A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manip...

NASA cFS 7.0 CVE
LOW 2.1 CVE-2026-5476

NASA cFS cfe_tbl_passthru_codec.c CFE_TBL_ValidateCodecLoadSize integer overflow

A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tb...

NASA cFS 7.0 CVE
LOW 3.7 CVE-2026-3184

Util-linux: util-linux: access control bypass due to improper hostname canonicalization

A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the sup...

Red Hat Red Hat Enterprise Linux 10 CVE
LOW 2.7 CVE-2026-34947

Discourse: Staged user custom fields are exposed on public invite pages

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0...

discourse discourse >= 2026.1.0-latest, < 2026.1.3 CVE
LOW 3.9 CVE-2026-34768

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, a...

electron electron < 38.8.6 CVE
LOW 3.3 CVE-2026-34766

Electron: USB device selection not validated against filtered device list

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, a...

electron electron < 38.8.6 CVE
LOW 3.5 CVE-2026-35679


Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draini...

Zcash zcashd CVE
LOW 3.7 CVE-2026-37977

Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's Use...

Red Hat Red Hat Build of Keycloak CVE