Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-32690

Apache Airflow: 3.x – Nested Variable Secret Values Bypass Redaction via max_depth=1_CVE-2026-32690

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored a...

Apache Software Foundation Apache Airflow 3.0.0 CVE
LOW 2.1 CVE-2026-5958

Race Condition in GNU Sed_CVE-2026-5958

When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem ...

GNU Sed 4.1e CVE
LOW 2.3 CVE-2026-6611

liangliangyy DjangoBlog File Upload Endpoint settings.py hard-coded key_CVE-2026-6611

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the comp...

liangliangyy DjangoBlog 2.1.0 CVE
LOW 3.5 CVE-2026-40334

libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c_CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE(...

gphoto libgphoto2 <= 2.5.33 CVE
LOW 2.4 CVE-2026-40336

libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c_CVE-2026-40336

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/pt...

gphoto libgphoto2 <= 2.5.33 CVE
LOW 3.5 CVE-2026-40341

libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx_CVE-2026-40341

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out-of-bounds read in ptp_unpack_EOS_FocusInfoEx could...

gphoto libgphoto2 <= 2.5.33 CVE
LOW 2.3 CVE-2026-35402

mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures_CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement ...

neo4j-contrib mcp-neo4j < 0.6.0 CVE
LOW 3.1 CVE-2026-33436

Stirling-PDF: Reflected XSS through crafted filename in file upload functionality_CVE-2026-33436

Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoint...

Stirling-Tools Stirling-PDF < 2.0.0 CVE
LOW 1 CVE-2026-40319

Giskard has a Regular Expression Denial of Service (ReDoS) in RegexMatching Check_CVE-2026-40319

Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular exp...

Giskard-AI giskard-oss < 1.0.2b1 CVE
LOW 3.1 MS:CVE-2026-6312

Chromium: CVE-2026-6312 Insufficient policy enforcement in Passwords_MS:CVE-2026-6312

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE