Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.1 | CVE-2026-3553 | Type: CVE
  Title: Incorrect Authorization in GitLab
  Vendor / Product: GitLab / GitLab 12.0
  Summary: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...

LOW 3.7 | CVE-2026-41000 | Type: CVE
  Title: WSS4J validation does not use configured replay cache
  Vendor / Product: Spring / Spring Web Services 5.0.0
  Summary: Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, pro...

LOW 3.3 | CVE-2026-47712 | Type: CVE
  Title: Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
  Vendor / Product: jelmer / dulwich >= 0.24.0, < 1.2.5
  Summary: Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porce...

LOW 3.7 | CVE-2026-48011 | Type: CVE
  Title: Shopware: Timing attack on admin panel allowing enumeration of administrator usernames
  Vendor / Product: shopware / shopware >= 6.7.0.0, < 6.7.10.1
  Summary: Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator us...

LOW 2.3 | CVE-2026-46668 | Type: CVE
  Title: SpiceDB: Caveat structures with nested lists can result in improper cache reuse
  Vendor / Product: authzed / spicedb >= 1.15.0, < 1.52.0
  Summary: SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before versio...

LOW 3.6 | CVE-2026-45380 | Type: CVE
  Title: bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
  Vendor / Product: rikyoz / bit7z < 4.0.12
  Summary: bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-on...

LOW 1.1 | CVE-2026-0266 | Type: CVE
  Title: PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
  Vendor / Product: Palo Alto Networks / Cloud NGFW All
  Summary: A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaSc...

LOW 3.6 | CVE-2026-50568 | Type: CVE
  Title: Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape
  Vendor / Product: fission / fission < 1.25.0
  Summary: Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...

LOW 2.3 | CVE-2026-48855 | Type: CVE
  Title: SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
  Vendor / Product: Erlang / OTP 3.0.1
  Summary: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_R...

LOW 2.3 | CVE-2026-46497 | Type: CVE
  Title: SSRF via sitemap-derived URLs in Crawlee for Python
  Vendor / Product: apify / crawlee-python >= 1.0.0, < 1.7.0
  Summary: Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-der...