Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2 CVE-2025-14007

dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting

A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mob...

dayrui XunRuiCMS 4.7.0 CVE
LOW 2.2 CVE-2025-12997

CVE-2025-12997

Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device ...

Medtronic CareLink Network CVE
LOW 1.8 CVE-2025-66479

Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing

Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level...

anthropic-experimental sandbox-runtime < 0.0.16 CVE
LOW 2.7 CVE-2025-12954

Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating...

Unknown Timetable and Event Schedule by MotoPress CVE
LOW 1.3 CVE-2025-13751

CVE-2025-13751

Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigg...

OpenVPN OpenVPN 2.5.0 CVE
LOW 2.7 CVE-2025-20388

Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.24...

Splunk Splunk Enterprise 10.0 CVE
LOW 2.4 CVE-2025-20385

Stored Cross-Site scripting (XSS) through Anchor Tag “href” in Navigation Bar Collections in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.24...

Splunk Splunk Enterprise 10.0 CVE
LOW 3.5 CVE-2025-20382

URL validation bypass through Views Dashboard in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2...

Splunk Splunk Enterprise 10.0 CVE
LOW 3.7 CVE-2025-64763

Envoy forwards early CONNECT data in TCP proxy mode

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode...

envoyproxy envoy >= 1.36.0, <= 1.36.2 CVE
LOW 3.4 CVE-2025-20769

CVE-2025-20769

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious ...

MediaTek, Inc. MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793 Android 14.0, 15.0, 16.0 CVE