LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-32642	Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission_CVE-2026-32642 Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol a...	Apache Software Foundation	Apache Artemis 2.50.0	Mar 24, 2026	CVE
LOW 3.7	CVE-2026-28753	NGINX ngx_mail_proxy_module vulnerability_CVE-2026-28753 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS resp...	F5	NGINX Open Source 1.29.0	Mar 24, 2026	CVE
LOW 2.1	CVE-2025-11571	Command Execution vulnerability in Simplicity Installer_CVE-2025-11571 Vulnerable endpoints accept user-controlled input through a URL in JSON format which enables command execution. The commands allowed to execute can...	silabs.com	Simplicity Studio v5	Mar 24, 2026	CVE
LOW 1.3	CVE-2026-33161	Craft CMS: Anonymous “assets/image-editor” calls returns private asset editor metadata to unauthorized users_CVE-2026-33161 Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14...	craftcms	cms >= 4.0.0-RC1, < 4.17.8	Mar 24, 2026	CVE
LOW 2.7	CVE-2026-33160	Craft CMS: Anonymous “generate transform” calls for assets can expose private assets via transform URL_CVE-2026-33160 Craft CMS is a content management system (CMS). From version 4.0.0-RC1 to before version 4.17.8 and from version 5.0.0-RC1 to before version 5.9.14...	craftcms	cms >= 4.0.0-RC1, < 4.17.8	Mar 24, 2026	CVE
LOW 2.9	CVE-2026-33769	Astro: Remote allowlist bypass via unanchored matchPathname wildcard_CVE-2026-33769 Astro is a web framework. From version 2.10.10 to before version 5.18.1, this issue concerns Astro's remotePatterns path enforcement for remote URL...	withastro	astro >= 2.10.10, < 5.18.1	Mar 24, 2026	CVE
LOW 2.1	CVE-2026-33624	Parse Server: MFA recovery code single-use bypass via concurrent requests_CVE-2026-33624 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0-alpha.54...	parse-community	parse-server < 8.6.60	Mar 24, 2026	CVE
LOW 1.9	CVE-2026-4433	CVE-2026-4433_CVE-2026-4433 An SSH misconfigurations exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user...	Tenable, Inc.	Tenable Operation Technology 3.18.58	Mar 24, 2026	CVE
LOW 3.3	CVE-2026-28893	CVE-2026-28893_CVE-2026-28893 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A document may be written to a te...	Apple	macOS	Mar 25, 2026	CVE
LOW 3.3	CVE-2026-28864	CVE-2026-28864_CVE-2026-28864 This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS S...	Apple	iOS and iPadOS	Mar 25, 2026	CVE