Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2026-47712
Dulwich doesn’t sanitize commit subjects in `porcelain.format_patch`
Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porce...
jelmer dulwich >= 0.24.0, < 1.2.5 CVE

LOW 3.7 CVE-2026-48011
Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator us...
shopware shopware >= 6.7.0.0, < 6.7.10.1 CVE

LOW 2.3 CVE-2026-46668
SpiceDB: Caveat structures with nested lists can result in improper cache reuse
SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before versio...
authzed spicedb >= 1.15.0, < 1.52.0 CVE

LOW 3.6 CVE-2026-45380
bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-on...
rikyoz bit7z < 4.0.12 CVE

LOW 1.1 CVE-2026-0266
PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaSc...
Palo Alto Networks Cloud NGFW All CVE

LOW 3.6 CVE-2026-50568
Fission: SanitizeFilePath lexical HasPrefix bypass permits sibling-directory escape
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior...
fission fission < 1.25.0 CVE

LOW 2.3 CVE-2026-48855
SFTP READLINK Leaks Absolute Backend Filesystem Path When Root Is Configured
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_R...
Erlang OTP 3.0.1 CVE

LOW 2.3 CVE-2026-46497
SSRF via sitemap-derived URLs in Crawlee for Python
Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-der...
apify crawlee-python >= 1.0.0, < 1.7.0 CVE

LOW 2 CVE-2026-11859
HTML injection in the Canarytoken links email
An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Si...
Thinkst Applied Research Canarytokens sha-c0f3cf142 CVE

LOW 3.5 CVE-2026-9060
Agile Store Locator < 1.6.6 - Admin+ Stored XSS via map_style
The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store L...
Unknown Store Locator WordPress CVE