LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-34507	OpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Commands via DM-only and allowFrom Checks_CVE-2026-34507 OpenClaw before 2026.4.29 contains a policy bypass vulnerability in QQBot admin commands that allows authenticated senders to skip DM-only and allo...	OpenClaw	OpenClaw	May 29, 2026	CVE
LOW 2.3	CVE-2026-33386	XSS in QuickCMS_CVE-2026-33386 QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a ...	OpenSolution	QuickCMS	May 29, 2026	CVE
LOW 2.3	CVE-2026-32906	OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate_CVE-2026-32906 OpenClaw before 2026.5.12 contains a privilege escalation vulnerability in Slack plugin approvals that allows exec-authorized users to resolve plug...	OpenClaw	OpenClaw	May 29, 2026	CVE
LOW 2.4	CVE-2026-49318	Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot_CVE-2026-49318 Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacen...	Indian Motorcycle (Polaris Inc.)	Scout Bobber + Tech 2025	May 29, 2026	CVE
LOW 2.4	CVE-2026-49317	Indian Scout Bobber 2025 Infotainment Digital Round skips PIN entry when WCM is silent at boot_CVE-2026-49317 Incorrect behavior order in the Infotainment / Digital Round display of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacen...	Indian Motorcycle (Polaris Inc.)	Scout Bobber + Tech 2025	May 29, 2026	CVE
LOW 1	CVE-2026-40528	OpenSC < 0.27.0 Buffer Overrun in do_key_value() via profile.c_CVE-2026-40528 OpenSC before 0.27.0, fixed in commit 0358817, contains a stack and heap buffer overrun vulnerability in the do_key_value() function in src/pkcs15i...	OpenSC	OpenSC	May 29, 2026	CVE
LOW 1	CVE-2026-40510	OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c_CVE-2026-40510 OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-pi...	OpenSC	OpenSC	May 29, 2026	CVE
LOW 2.7	CVE-2026-10078	Quay/config-tool: quay/config-tool: gitlab oauth client_secret exposed in url querystring_CVE-2026-10078 A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and clie...	Red Hat	Red Hat Quay 3	May 29, 2026	CVE
LOW 3.1	637850DA-9676-	Exploit for CVE-2026-49009_637850DA-9676-5E1C-A314-6845BEDF1672 ▄█████ ██ ██ ██████ ████▄ ▄██▄ ████▄ ▄██▀▀▀ ██ ██ ▄█▀▀█▄ ▄██▄ ▄██▄ ▄█▀▀█▄ ██ ██▄▄██ ██▄▄ ▄▄▄ ▄██▀ ██ ██ ▄██▀ ██▄▄▄ ▄▄▄ ▀█████ ▀▀▀██ ██ ██ ██ ██ ▀▀▀...	N/A	N/A	May 28, 2026	GITHUBEXPLOIT
LOW 2	CVE-2026-47713	AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration_CVE-2026-47713 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an app...	Mintplex-Labs	anything-llm < 1.13.0	May 28, 2026	CVE