LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.1	CVE-2026-34154	Discourse has a subscription access bypass in its discourse-subscriptions plugin_CVE-2026-34154 Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the d...	discourse	discourse < 2026.1.4	May 19, 2026	CVE
LOW 1.8	CVE-2025-14575	Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading_CVE-2025-14575 An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attack...	The Qt Company	Qt 5.0.0	May 19, 2026	CVE
LOW 1.6	CVE-2026-7860	Possible information disclosure of environment variables in Vaadin Build Plugins via Failed Frontend Build_CVE-2026-7860 A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment...	vaadin	flow 23.0.0	May 19, 2026	CVE
LOW 3.3	CVE-2026-33565	kernel_linux_common_modules has a Race Condition vulnerability_CVE-2026-33565 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	OpenHarmony	OpenHarmony v5.0.3	May 19, 2026	CVE
LOW 3.3	CVE-2026-28751	filemanagement_storage_service has an improper input validation vulnerability_CVE-2026-28751 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	OpenHarmony	OpenHarmony v5.0.3	May 19, 2026	CVE
LOW 3.3	CVE-2026-27781	kernel_liteos_a has an integer overflow vulnerability_CVE-2026-27781 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	OpenHarmony	OpenHarmony v5.0.3	May 19, 2026	CVE
LOW 3.3	CVE-2026-25110	Sensors_medical_sensor has a NULL pointer dereference vulnerability_CVE-2026-25110 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	OpenHarmony	OpenHarmony v5.0.3	May 19, 2026	CVE
LOW 3.5	8CE4761E-40E3-	Exploit for CVE-2025-11203_8CE4761E-40E3-5285-948E-9190434686A1 CVE-2025-11203 — LiteLLM Health Endpoint APIKEY Information Disclosure LiteLLM versions 未正确过滤敏感信息，导致已认证用户可获取其他模型配置中存储...	N/A	N/A	May 19, 2026	GITHUBEXPLOIT
LOW 3.9	CVE-2026-27964	FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation_CVE-2026-27964 FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulner...	NeoRazorX	facturascripts < 2025.8	May 18, 2026	CVE
LOW 2.1	CVE-2026-45244	Summarize < 0.15.1 Unapproved Browser Automation Execution_CVE-2026-45244 Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-ca...	steipete	summarize	May 18, 2026	CVE