Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.4 CVE-2025-59546

DNN Vulnerable to Stored XSS Using Backend Admin Credentials

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrato...

dnnsoftware Dnn.Platform < 10.1.0 CVE
LOW 3.8 CVE-2025-58012

WordPress Content Mask Plugin <= 1.8.5.2 - Insecure Direct Object References (IDOR) Vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Securit...

Alex Content Mask n/a CVE
LOW 3.8 CVE-2025-58009

WordPress CP Multi View Event Calendar Plugin <= 1.4.32 - Broken Access Control Vulnerability

Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Le...

codepeople CP Multi View Event Calendar n/a CVE
LOW 2.7 CVE-2025-59526

Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injec...

eladnava mailgen < 2.0.30 CVE
LOW 2.3 CVE-2025-10778

Smartstore Gift Voucher confirm race condition

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the compone...

n/a Smartstore 6.0 CVE
LOW 2 CVE-2025-10767

CosmodiumCS OnlyRAT Configuration File main.py remote_download os command injection

A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the fi...

CosmodiumCS OnlyRAT 3.0 CVE
LOW 3.1 CVE-2025-9081

IDOR in board file download allows any user to download any file by UUID

Mattermost versions 10.5.x

Mattermost Mattermost 10.5.0 CVE
LOW 2.9 CVE-2025-59427

Cloudflare vite plugin exposes secrets over the built-in dev server

The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in i...

cloudflare workers-sdk < 1.6.0 CVE
LOW 3.7 CVE-2025-59691

CVE-2025-59691

PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi rec...

PureVPN PureVPN CLI 2.0.1 CVE
LOW 3.7 CVE-2025-59692

CVE-2025-59692

PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply defaul...

PureVPN PureVPN CLI 2.0.1 CVE