Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2026-0050

CVE-2026-0050

In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead...

Google Android 16-qpr2 CVE

LOW 3.3 CVE-2026-0016

CVE-2026-0016

In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissio...

Google Android 16-qpr2 CVE

LOW 3.7 CVE-2026-24761

Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Dat...

kiteworks Secure Data Forms < 9.3.0 CVE

LOW 3.7 CVE-2026-5419

Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a re...

Red Hat Red Hat Enterprise Linux 10 0:3.8.10-4.el10_2 CVE

LOW 2.3 CVE-2026-49433

DeepAI api.deepai.org/change_user_email CSRF

The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged...

DeepAI api.deepai.org CVE

LOW 3.3 CVE-2026-45278

Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass

Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redi...

nextcloud security-advisories >= 6.1.0, < 8.2.2 CVE

LOW 3.3 CVE-2026-45277

Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations

Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated...

nextcloud security-advisories < 2.7.2 CVE

LOW 3.9 CVE-2026-30963

Capsule Namespace Hijacking via subresource

Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operation...

projectcapsule capsule < 0.13.0 CVE

LOW 3.1 MS:CVE-2026-9950

Chromium: CVE-2026-9950 Insufficient validation of untrusted input in iOS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE

LOW 3.1 CVE-2026-45426

Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache...

Apache Software Foundation Apache Airflow 3.0.0 CVE