Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.8 CVE-2025-10871

Missing Authorization in GitLab_CVE-2025-10871

An issue has been discovered in GitLab EE affecting all versions from 16.6 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1. Project Maint...

GitLab GitLab 16.6 CVE
LOW 3.5 CVE-2025-10867

Allocation of Resources Without Limits or Throttling in GitLab_CVE-2025-10867

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could ...

GitLab GitLab 18.1 CVE
LOW 3.5 CVE-2025-10868

Business Logic Errors in GitLab_CVE-2025-10868

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certa...

GitLab GitLab 17.4 CVE
LOW 3.5 CVE-2025-5069

Incorrect Ownership Assignment in GitLab_CVE-2025-5069

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could...

GitLab GitLab 17.10 CVE
LOW 3.7 CVE-2025-1396

Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled_CVE-2025-1396

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system retu...

WSO2 WSO2 Identity Server CVE
LOW 2.7 CVE-2025-10173

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update_CVE-2025-10173

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due ...

roxnor ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution * CVE
LOW 2.3 CVE-2025-10977

JeecgBoot deleteBatch improper authorization_CVE-2025-10977

A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of t...

n/a JeecgBoot 3.8.0 CVE
LOW 2.3 CVE-2025-10976

JeecgBoot getDepartUserList improper authorization_CVE-2025-10976

A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing m...

n/a JeecgBoot 3.8.0 CVE
LOW 3.7 CVE-2025-60019

Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()_CVE-2025-60019

glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentia...

N/A N/A 2.60 CVE
LOW 3.3 CVE-2025-36857

Rapid7 Appspider Broken Access Control Vulnerability_CVE-2025-36857

Rapid7 Appspider Pro versions below 7.5.021 suffer from a broken access control vulnerability in the application's configuration file loading mech...

Rapid7 Appspider Pro CVE