LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.7	CVE-2026-53538	Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling_CVE-2026-53538 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www...	Kludex	python-multipart < 0.0.30	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-53537	Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters_CVE-2026-53537 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) he...	Kludex	python-multipart < 0.0.30	Jun 22, 2026	CVE
LOW 2.7	CVE-2026-50269	AIOHTTP: CRLF injection in multipart headers_CVE-2026-50269 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/...	aio-libs	aiohttp < 3.14.0	Jun 22, 2026	CVE
LOW 3.2	CVE-2026-49356	Babel: Arbitrary File Read via sourceMappingURL Comment in @babel/core_CVE-2026-49356 Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a so...	babel	babel >= 8.0.0-alpha.0, < 8.0.0-rc.5	Jun 22, 2026	CVE
LOW 2.3	CVE-2026-9610	Multiple Vulnerabilities in IBM Datacap_CVE-2026-9610 IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the U...	IBM	Datacap 9.1.7	Jun 22, 2026	CVE
LOW 3.8	CVE-2026-8823	User Manager can demote bot accounts to guest without bot-management permission_CVE-2026-8823 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
LOW 3.8	CVE-2026-8074	Improper Permission Check Allows User Manager to Deactivate Bot Accounts_CVE-2026-8074 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
LOW 2	CVE-2026-12888	HTML injection in the Canarytoken Google Chat notification_CVE-2026-12888 An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface M...	Thinkst Applied Research	Canarytokens sha-4aef1db90	Jun 22, 2026	CVE
LOW 2.3	CVE-2026-44911	Apache NiFi: Incorrect Authorization for Configuration Verification Requests_CVE-2026-44911 Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to sub...	Apache Software Foundation	Apache NiFi 1.15.0	Jun 22, 2026	CVE
LOW 2.3	CVE-2026-12771	BerriAI litellm M2M JWT user_api_key_auth.py improper authorization_CVE-2026-12771 A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.p...	BerriAI	litellm 1.82.0	Jun 21, 2026	CVE