LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.7	CVE-2026-24661	Unbounded Request Body Read in MS Teams Plugin {{/changes}} Webhook Endpoint_CVE-2026-24661 Mattermost Plugins versions	Mattermost	Mattermost	Apr 9, 2026	CVE
LOW 3.7	CVE-2026-21388	Unbounded Request Body Read in MS Teams Plugin {{/lifecycle}} Webhook Endpoint_CVE-2026-21388 Mattermost Plugins versions	Mattermost	Mattermost	Apr 9, 2026	CVE
LOW 2.7	CVE-2025-15480	Senstive information disclosure was affecting ubuntu-desktop-provision_CVE-2025-15480 In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a u...	Canonical	Ubuntu	Apr 9, 2026	CVE
LOW 2.7	CVE-2025-14551	Senstive information disclosure was affecting subiquity_CVE-2025-14551 In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a...	Canonical	Ubuntu	Apr 9, 2026	CVE
LOW 2.3	CVE-2026-39957	Lychee has Broken Access Control in SharingController::listAll() leaks private album sharing metadata to unauthorized users_CVE-2026-39957 Lychee is a free, open-source photo-management tool. Prior to 7.5.4, a SQL operator-precedence bug in SharingController::listAll() causes the orWhe...	LycheeOrg	Lychee < 7.5.4	Apr 9, 2026	CVE
LOW 1.7	CVE-2026-40072	web3.py affected by SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling_CVE-2026-40072 web3.py allows you to interact with the Ethereum blockchain using Python. From 6.0.0b3 to before 7.15.0 and 8.0.0b2, web3.py implements CCIP Read /...	ethereum	web3.py >= 6.0.0b3, < 7.15.0	Apr 9, 2026	CVE
LOW 2.3	CVE-2026-34988	Wasmtime leaks data between pooling allocator instances_CVE-2026-34988 Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contain...	bytecodealliance	wasmtime >= 28.0.0, < 36.0.7	Apr 9, 2026	CVE
LOW 1	CVE-2026-34983	Wasmtime has a use-after-free bug after cloning `wasmtime::Linker`_CVE-2026-34983 Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not cont...	bytecodealliance	wasmtime >= 43.0.0, < 43.0.1	Apr 9, 2026	CVE
LOW 2.3	CVE-2026-34945	Wasmtime leaks host data with 64-bit tables and Winch_CVE-2026-34945 Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a bug where a 64-bit ta...	bytecodealliance	wasmtime >= 25.0.0, < 36.0.7	Apr 9, 2026	CVE
LOW 3.5	CVE-2026-40077	Beszel has an IDOR in hub API endpoints that read system ID from URL parameter_CVE-2026-40077 Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without ...	henrygd	beszel < 0.18.7	Apr 9, 2026	CVE