Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.3 CVE-2026-46342

Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning

Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/ni...

nuxt nuxt >= 3.1.0, < 3.21.6 CVE
LOW 2.1 CVE-2026-48485

Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`.

Quest Bot is an open-source Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking...

duck-organization questbot < 1.1.6 CVE
LOW 3.1 CVE-2026-12032

CVE-2026-12032

Inappropriate implementation in Passwords in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the ren...

Google Chrome 149.0.7827.115 CVE
LOW 3.1 CVE-2026-12017

CVE-2026-12017

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer proc...

Google Chrome 149.0.7827.115 CVE
LOW 2.3 CVE-2026-47188

Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses me...

duck-organization quest-bot < 1.0.5 CVE
LOW 2.3 CVE-2026-47175

Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings

Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo...

duck-organization quest-bot < 1.0.4 CVE
LOW 3.7 CVE-2026-44489

Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix

Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., conf...

axios axios 1.15.2 CVE
LOW 2.6 CVE-2026-9694

Improper Neutralization of Substitution Characters in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...

GitLab GitLab 15.9 CVE
LOW 3.7 CVE-2026-6976

Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...

GitLab GitLab 15.9 CVE
LOW 3.1 CVE-2026-3553

Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...

GitLab GitLab 12.0 CVE