LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-53862	OpenClaw < 2026.5.12 - Bootstrap Token Replay via Pending Pairing Scope Widening_CVE-2026-53862 OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader r...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.3	CVE-2026-53860	OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles_CVE-2026-53860 OpenClaw before 2026.5.7 contains a sender policy bypass vulnerability in BlueBubbles that allows participants to match allowlist entries through c...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.3	CVE-2026-53852	OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing_CVE-2026-53852 OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore bro...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.3	CVE-2026-53848	OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers_CVE-2026-53848 OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects ou...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.3	CVE-2026-53845	OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping_CVE-2026-53845 OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.1	CVE-2026-53841	OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML_CVE-2026-53841 OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 3.7	CVE-2026-10636	Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)_CVE-2026-10636 In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) ...	zephyrproject	zephyr 2.6.0	Jun 16, 2026	CVE
LOW 3.7	CVE-2026-48709	OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration_CVE-2026-48709 OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in s...	OliveTin	OliveTin < 3000.13.0	Jun 15, 2026	CVE
LOW 3.1	MS:CVE-2026-12017	Chromium: CVE-2026-12017 Insufficient validation of untrusted input Extensions_MS:CVE-2026-12017 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 15, 2026	MSCVE
LOW 3.4	CVE-2026-9062	Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal_CVE-2026-9062 The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such a...	Unknown	Store Locator WordPress	Jun 13, 2026	CVE