Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.1 MS:CVE-2026-9950

Chromium: CVE-2026-9950 Insufficient validation of untrusted input in iOS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
LOW 3.1 CVE-2026-45426

Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache...

Apache Software Foundation Apache Airflow 3.0.0 CVE
LOW 3.5 CVE-2026-45266

Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling

Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other u...

nextcloud security-advisories < 21.1.10 CVE
LOW 3.5 CVE-2026-45159

Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner

Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1...

nextcloud security-advisories >= 1.15.0, < 1.15.4 CVE
LOW 2.6 CVE-2026-45155

Nextcloud: Private circle can be added to another circle via API

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, ...

nextcloud security-advisories >= 32.0.0, < 32.0.7 CVE
LOW 2.6 CVE-2026-45154

Nextcloud: Improper Access Control in Collectives

Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was delete...

nextcloud security-advisories >= 2.6.0, < 4.3.0 CVE
LOW 2.3 CVE-2026-10275

OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow

A flaw has been found in OpenSC up to 0.26.1. This affects the function test_kpgen_certwrite of the file src/tools/pkcs11-tool.c of the component p...

n/a OpenSC 0.26.0 CVE
LOW 3.1 CVE-2026-40963

Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read...

Apache Software Foundation Apache Airflow 3.0.0 CVE
LOW 2.9 CVE-2026-10532

Logback deserialization whitelist bypass for Proxy objects

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Objec...

QOS.CH Sarl logback CVE
LOW 3.5 CVE-2026-48191

Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows ga...

OTRS AG OTRS 7.0.x CVE