LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.1	CVE-2026-8553	CVE-2026-8553_CVE-2026-8553 Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out...	Google	Chrome 148.0.7778.168	May 14, 2026	CVE
LOW 2.1	CVE-2026-44428	MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience_CVE-2026-44428 The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-sid...	modelcontextprotocol	registry < 1.7.6	May 14, 2026	CVE
LOW 3.5	CVE-2026-45781	MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims_CVE-2026-45781 The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips...	modelcontextprotocol	registry < 1.7.9	May 14, 2026	CVE
LOW 3.7	CVE-2026-44589	nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)_CVE-2026-44589 Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in [email protected] to remediate GHSA-pqhr-...	nuxt-modules	og-image >= 6.2.5, < 6.4.9	May 14, 2026	CVE
LOW 3.1	CVE-2026-27680	CSS Injection vulnerability in SAP NetWeaver Application Server ABAP_CVE-2026-27680 Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style ...	SAP_SE	SAP NetWeaver Application Server ABAP SAP_UI 758	May 14, 2026	CVE
LOW 2.1	CVE-2026-22706	Strapi: Password Reset Does Not Revoke Existing Refresh Sessions_CVE-2026-22706 Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not in...	strapi	strapi < 5.33.3	May 14, 2026	CVE
LOW 2.5	CVE-2026-44638	libsixel: NULL pointer dereference_CVE-2026-44638 libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in si...	saitoha	libsixel >= 1.0.0, < 1.8.7-r2	May 14, 2026	CVE
LOW 2.3	CVE-2026-42186	OpenBao’s Namespace Deletion May Not Delete Data Properly_CVE-2026-42186 OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent ret...	openbao	openbao < 2.5.3	May 14, 2026	CVE
LOW 3.8	CVE-2026-6923	Nuvoton – CWE-1300: Improper Protection of Physical Side Channels_CVE-2026-6923 A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman (ECDH) key.	Nuvoton	NPCT7xx all versions below 7.2.4.0	May 14, 2026	CVE
LOW 2.3	CVE-2026-44515	Nextcloud News: Authenticated blind SSRF via feed URL_CVE-2026-44515 Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (...	nextcloud	news < 28.3.0-beta.1	May 14, 2026	CVE