LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 1.3	CVE-2025-13751	CVE-2025-13751_CVE-2025-13751 Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigg...	OpenVPN	OpenVPN 2.5.0	Dec 3, 2025	CVE
LOW 2.7	CVE-2025-20388	Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise_CVE-2025-20388 In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.24...	Splunk	Splunk Enterprise 10.0	Dec 3, 2025	CVE
LOW 2.4	CVE-2025-20385	Stored Cross-Site scripting (XSS) through Anchor Tag “href” in Navigation Bar Collections in Splunk Enterprise_CVE-2025-20385 In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.24...	Splunk	Splunk Enterprise 10.0	Dec 3, 2025	CVE
LOW 3.5	CVE-2025-20382	URL validation bypass through Views Dashboard in Splunk Enterprise_CVE-2025-20382 In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2...	Splunk	Splunk Enterprise 10.0	Dec 3, 2025	CVE
LOW 3.7	CVE-2025-64763	Envoy forwards early CONNECT data in TCP proxy mode_CVE-2025-64763 Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode...	envoyproxy	envoy >= 1.36.0, <= 1.36.2	Dec 3, 2025	CVE
LOW 3.4	CVE-2025-20769	CVE-2025-20769_CVE-2025-20769 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious ...	MediaTek, Inc.	MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793 Android 14.0, 15.0, 16.0	Dec 2, 2025	CVE
LOW 3.5	CVE-2025-65858	CVE-2025-65858_CVE-2025-65858 A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field ...	n/a	n/a n/a	Dec 2, 2025	CVE
LOW 3.2	CVE-2025-59696	CVE-2025-59696_CVE-2025-59696 Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper ...	n/a	n/a n/a	Dec 2, 2025	CVE
LOW 2.7	CVE-2025-66409	ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling_CVE-2025-66409 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled o...	espressif	esp-idf >= 5.5-beta1, <= 5.5.1	Dec 2, 2025	CVE
LOW 3.5	CVE-2025-13640	CVE-2025-13640_CVE-2025-13640 Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical ac...	Google	Chrome 143.0.7499.41	Dec 2, 2025	CVE