Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.5 CVE-2025-64744

OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML i...

openobserve openobserve <= 0.16.1 CVE
LOW 2.7 CVE-2025-64754

Jitsi Meet has DOM Redirect on Microsoft OAuth Flow

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the ...

jitsi jitsi-meet < 2.0.10532 CVE
LOW 1.2 CVE-2025-64707

Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins r...

frappe lms >= 2.0.0, < 2.41.0 CVE
LOW 1.3 CVE-2025-64705

Frappe user was able to access the submission of other students

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were ab...

frappe lms >= 2.0.0, < 2.41.0 CVE
LOW 3.9 CVE-2025-64711

PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging...

PrivateBin PrivateBin >= 1.7.7, < 2.0.3 CVE
LOW 3.8 CVE-2025-63678

CVE-2025-63678

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers ...

n/a n/a n/a CVE
LOW 3.5 CVE-2025-20379

Risky command safeguards bypass using the “/services/streams/search” REST endpoint through “q” parameter in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503....

Splunk Splunk Enterprise 10.0 CVE
LOW 3.1 CVE-2025-20378

Open Redirect on Web Login endpoint in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.1...

Splunk Splunk Enterprise 10.0 CVE
LOW 3.7 CVE-2025-57812

[BIGSLEEP-434612419] CUPS-Filters has heap-buffer-overflow write in `cfImageLut()`

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package ...

OpenPrinting libcupsfilters cups-filters <= 1.28.17 CVE
LOW 3.8 CVE-2025-64170

sudo-rs: Partial password reveal is possible after timeout

sudo-rs is a memory safe implementation of sudo and su written in Rust. Starting in version 0.2.7 and prior to version 0.2.10, if a user begins ent...

trifectatechfoundation sudo-rs >= 0.2.7, < 0.2.10 CVE