Recent Advisories

Columns: Severity (CVSS score), ID, Title, Summary, Vendor, Product, Affected versions, Type. Summaries are truncated as listed.

Severity: LOW (2.3)
ID: CVE-2026-47188
Title: Quest Bot: Unban and unwarn reason fields still allow bot-powered mass mentions.
Summary: Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the latest release suppresses me...
Vendor: duck-organization
Product: quest-bot
Affected: < 1.0.5
Type: CVE

Severity: LOW (2.3)
ID: CVE-2026-47175
Title: Quest Bot: Moderation reason fields allow bot-powered `@everyone` / `@here` pings
Summary: Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, several moderation commands echo...
Vendor: duck-organization
Product: quest-bot
Affected: < 1.0.4
Type: CVE

Severity: LOW (3.7)
ID: CVE-2026-44489
Title: Axios: Proxy-Authorization Header Injection via Prototype Pollution - Incomplete Null-Prototype Fix
Summary: Axios is a promise-based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., conf...
Vendor: axios
Product: axios
Affected: 1.15.2
Type: CVE

Severity: LOW (2.6)
ID: CVE-2026-9694
Title: Improper Neutralization of Substitution Characters in GitLab
Summary: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...
Vendor: GitLab
Product: GitLab
Affected: 15.9
Type: CVE

Severity: LOW (3.7)
ID: CVE-2026-6976
Title: Authorization Bypass Through User-Controlled Key in GitLab
Summary: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...
Vendor: GitLab
Product: GitLab
Affected: 15.9
Type: CVE

Severity: LOW (3.1)
ID: CVE-2026-3553
Title: Incorrect Authorization in GitLab
Summary: GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...
Vendor: GitLab
Product: GitLab
Affected: 12.0
Type: CVE

Severity: LOW (3.7)
ID: CVE-2026-41000
Title: WSS4J validation does not use configured replay cache
Summary: Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, pro...
Vendor: Spring
Product: Spring Web Services
Affected: 5.0.0
Type: CVE

Severity: LOW (3.3)
ID: CVE-2026-47712
Title: Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
Summary: Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porce...
Vendor: jelmer
Product: dulwich
Affected: >= 0.24.0, < 1.2.5
Type: CVE

Severity: LOW (3.7)
ID: CVE-2026-48011
Title: Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames
Summary: Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator us...
Vendor: shopware
Product: shopware
Affected: >= 6.7.0.0, < 6.7.10.1
Type: CVE

Severity: LOW (2.3)
ID: CVE-2026-46668
Title: SpiceDB: Caveat structures with nested lists can result in improper cache reuse
Summary: SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before versio...
Vendor: authzed
Product: spicedb
Affected: >= 1.15.0, < 1.52.0
Type: CVE