Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.9 CVE-2025-66037

OpenSC: Out of Bounds vulnerability

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes...

OpenSC OpenSC < 0.27.0 CVE
LOW 3.8 CVE-2025-49010

OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time use...

OpenSC OpenSC < 0.27.0 CVE
LOW 3.3 CVE-2026-21716

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission check...

nodejs node 20.20.1 CVE
LOW 3.3 CVE-2026-21715

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all ...

nodejs node 20.20.1 CVE
LOW 3.1 CVE-2026-32696

NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication)...

nanomq nanomq >= 0.24.6, < 0.24.7 CVE
LOW 3.6 CVE-2026-5115

Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embed...

PaperCut PaperCut NG/MF CVE
LOW 2.1 CVE-2026-4794

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary we...

PaperCut PaperCut NG/MF CVE
LOW 1.7 CVE-2026-34073

cryptography has incomplete DNS name constraint enforcement on peer names

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constrain...

pyca cryptography < 46.0.6 CVE
LOW 2.3 CVE-2026-34506

OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration

OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass ...

OpenClaw OpenClaw CVE
LOW 2.5 CVE-2026-32970

OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs

OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretR...

OpenClaw OpenClaw CVE