Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3 CVE-2026-0510

Obsolete Encryption Algorithm Used in NW AS Java UME User Mapping_CVE-2026-0510

The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting ...

SAP_SE NW AS Java UME User Mapping ENGINEAPI 7.50 CVE
LOW 3.8 CVE-2026-0504

Insufficient Input Handling in JNDI Operations of SAP Identity Management_CVE-2026-0504

Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted ma...

SAP_SE SAP Identity Management IDM_CLM_REST_API 8.0 CVE
LOW 2.4 CVE-2026-22213

RIOT OS <= 2026.01-devel-317 Stack-Based Buffer Overflow in tapslip6 Utility_CVE-2026-22213

RIOT OS versions up to and including 2026.01-devel-317 contain a stack-based buffer overflow vulnerability in the tapslip6 utility. The vulnerabili...

RIOT RIOT OS CVE
LOW 2.4 CVE-2026-22800

PILOS affected by a CSRF via GET request allows unintentional termination of all active video conferences_CVE-2026-22800

PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.10.0, Cross-Site Request Forgery (CSRF) vulnerabi...

THM-Health PILOS < 4.10.0 CVE
LOW 2.1 CVE-2026-22805

Metabase channel test endpoint can reach internal local addresses_CVE-2026-22805

Metabase is an open-source data analytics platform. Prior to 55.13, 56.3, and 57.1, self-hosted Metabase instances that allow users to create subsc...

metabase metabase >= 0.57.0-beta, < 57.1 CVE
LOW 3.1 CVE-2025-53470

Apache Mynewt NimBLE: Out-of-Bounds Write Vulnerability in NimBLE HCI H4 driver_CVE-2025-53470

Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This...

Apache Software Foundation Apache Mynewt NimBLE CVE
LOW 2.3 CVE-2026-22784

Lychee cross-album password propagation on Album unlocking_CVE-2026-22784

Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functi...

LycheeOrg Lychee < 7.1.0 CVE
LOW 2.5 CVE-2026-22250

wlc can skip SSL verification_CVE-2026-22250

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.0, the SSL verification would be skipped for some crafted URLs. This v...

WeblateOrg wlc < 1.17.0 CVE
LOW 2.3 CVE-2025-69271

Spectrum basic authentication in use_CVE-2025-69271

Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks. This issue affects DX N...

Broadcom DX NetOps Spectrum 24.3.13 and earlier CVE
LOW 2.3 CVE-2025-69270

Spectrum session token in URL_CVE-2025-69270

Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking. T...

Broadcom DX NetOps Spectrum 24.3.8 and earlier CVE