Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.5 CVE-2026-40334

libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE(...

gphoto libgphoto2 <= 2.5.33 CVE
LOW 2.4 CVE-2026-40336

libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/pt...

gphoto libgphoto2 <= 2.5.33 CVE
LOW 3.5 CVE-2026-40341

libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out-of-bounds read in ptp_unpack_EOS_FocusInfoEx could...

gphoto libgphoto2 <= 2.5.33 CVE
LOW 2.3 CVE-2026-35402

mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement ...

neo4j-contrib mcp-neo4j < 0.6.0 CVE
LOW 3.1 CVE-2026-33436

Stirling-PDF: Reflected XSS through crafted filename in file upload functionality

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoint...

Stirling-Tools Stirling-PDF < 2.0.0 CVE
LOW 1 CVE-2026-40319

Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular exp...

Giskard-AI giskard-oss < 1.0.2b1 CVE
LOW 3.1 MS:CVE-2026-6312

Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
LOW 3.1 MS:CVE-2026-6313

Chromium: CVE-2026-6313 Insufficient policy enforcement in CORS

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
LOW 2.7 CVE-2026-35496

CVE-2026-35496

A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level di...

CubeCart Limited CubeCart prior to 6.6.0 CVE
LOW 3.7 CVE-2026-40263

Note Mark: Username Enumeration via Login Endpoint Timing Side-Channel

Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only wh...

enchant97 note-mark < 0.19.2 CVE