Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.3 CVE-2025-58752

Vite’s `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served r...

vitejs vite < 5.4.20 CVE
LOW 1.7 CVE-2025-57815

Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate ...

ethyca fides < 2.69.1 CVE
LOW 1.7 CVE-2025-57766

Fides’s Admin UI User Password Change Does Not Invalidate Current Session

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active use...

ethyca fides < 2.69.1 CVE
LOW 3.7 CVE-2025-51586

CVE-2025-51586

An issue was discovered in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive informati...

n/a n/a n/a CVE
LOW 2.3 CVE-2025-58422

CVE-2025-58422

RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attac...

Ricoh Company, Ltd. RICOH Streamline NX versions 3.5.1 to 24R3 CVE
LOW 2.3 CVE-2025-10080

running-elephant Datart API AESUtil.java getTokensecret hard-coded key

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart...

running-elephant Datart 1.0.0-rc1 CVE
LOW 3.3 CVE-2025-0011

CVE-2025-0011

Improper removal of sensitive information before storage or transfer in AMD Crash Defender could allow an attacker to obtain kernel address informa...

AMD AMD Ryzen™ 8000 Series Desktop Processors AMD Software: Adrenalin Edition 24.10.1 (24.20.19.01), AMD Software: PRO Edition 24.Q4 (24.20.30) CVE
LOW 3.3 CVE-2025-26419

CVE-2025-26419

In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escala...

Google Android 14 CVE
LOW 3.8 CVE-2025-58827

WordPress Job Board Manager Plugin <= 2.1.61 - Content Injection Vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in PickPlugins Job Board Manager allows Code Injection. This issue affects ...

PickPlugins Job Board Manager n/a CVE
LOW 3.5 CVE-2025-58816

WordPress Product Carousel Slider for Elementor Plugin <= 2.1.3 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Plugin Devs Product Carousel Slider for Elementor allows Exploiting Incorrectly Configured Access Control Se...

Plugin Devs Product Carousel Slider for Elementor n/a CVE