Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-9143

Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently d...

NI grpc-device CVE
LOW 2.1 CVE-2026-49871

Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that man...

Apache Software Foundation Apache APISIX 3.0.0 CVE
LOW 2.3 CVE-2026-49231

Apache APISIX: Identity spoofing issue in APISIX opa plugin

Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-de...

Apache Software Foundation Apache APISIX 3.5.0 CVE
LOW 2.1 CVE-2026-48895

Apache APISIX: Cas-auth Host header influence on CAS service URL

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform a...

Apache Software Foundation Apache APISIX 3.0.0 CVE
LOW 2.1 CVE-2026-44915

Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vuln...

Apache Software Foundation Apache APISIX 3.0.0 CVE
LOW 2.3 CVE-2026-44046

Apache APISIX: wolf-rbac plugin Identity Spoofing

Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentia...

Apache Software Foundation Apache APISIX 1.2.0 CVE
LOW 3 CVE-2026-49358

PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles

PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ...

pontedilana php-weasyprint < 2.6.0 CVE
LOW 2.7 CVE-2026-12102

UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecur...

stiofansisland UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP CVE
LOW 2.1 CVE-2026-40457

Reflected XSS in LMS

A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netrem...

LMS LMS CVE
LOW 1.9 CVE-2026-50268

Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat...

SteeltoeOSS Steeltoe.Configuration.Encryption >= 4.0.0, < 4.2.0 CVE