Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-10636

Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)

In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) ...

zephyrproject zephyr 2.6.0 CVE
LOW 3.7 CVE-2026-48709

OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration

OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, the ValidateArgumentType RPC endpoint in s...

OliveTin OliveTin < 3000.13.0 CVE
LOW 3.1 MS:CVE-2026-12017

Chromium: CVE-2026-12017 Insufficient validation of untrusted input Extensions

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
LOW 3.4 CVE-2026-9062

Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal

The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such a...

Unknown Store Locator WordPress CVE
LOW 3.5 CVE-2026-9061

Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name

The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store L...

Unknown Store Locator WordPress CVE
LOW 2.3 CVE-2026-53835

OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated sende...

OpenClaw OpenClaw CVE
LOW 2.3 CVE-2026-53826

OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn

OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to ch...

OpenClaw OpenClaw CVE
LOW 3.7 CVE-2026-53607

@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header

ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@...

apostrophecms apostrophe <= 4.30.0 CVE
LOW 2.1 CVE-2026-53724

Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4,...

parse-community parse-server < 8.6.79 CVE
LOW 3.5 CVE-2026-9269

Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could...

Unknown Secure Copy Content Protection and Content Locking CVE