Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.1 CVE-2025-15224

libssh key passphrase bypass without agent set

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate u...

curl curl 8.17.0 CVE
LOW 1.8 CVE-2025-12776

Stored Cross-Site Scripting

The Report Builder component of the application stores user input directly in a web page and displays it to other users, which raised concerns abou...

Commvault WebConsole 11.32.0 CVE
LOW 1.9 MS:CVE-2025-11961

OOBR and OOBW in pcap_ether_aton() in libpcap

{"lastseen":"2026-01-06T09:42:33","description":"","published":"2026-01-03T01:01:...

N/A N/A MSCVE
LOW 1.9 MS:CVE-2025-11964

OOBW in utf_16le_to_utf_8_truncated() in libpcap

{"lastseen":"2026-01-06T09:42:33","description":"","published":"2026-01-03T01:01:...

N/A N/A MSCVE
LOW 2.9 CVE-2025-31963

HCL BigFix IVR is impacted by improper authentication and missing CSRF protection

Improper authentication and missing CSRF protection in the local setup interface component in HCL BigFix IVR version 4.2 allows a local attacker to...

HCLSoftware BigFix IVR 4.2 CVE
LOW 2.2 CVE-2025-31964

HCL BigFix IVR is impacted by an improper service binding configuration

Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service ...

HCLSoftware BigFix IVR 4.2 CVE
LOW 2.7 CVE-2025-12958

Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation

The Rankology SEO and Analytics Tool plugin for WordPress is vulnerable to unauthorized modification of data due to an incorrect capability check o...

rankology Rankology SEO and Analytics Tool * CVE
LOW 2 CVE-2025-31962

HCL BigFix IVR is impacted by an insufficient session expiration vulnerability

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolo...

HCLSoftware BigFix IVR 4.2 CVE
LOW 3.7 CVE-2025-11235

MOVEit Transfer REST API does not require current password in order to initiate the password change process

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules). This issue affects MOVEit Transfer: from 2023.1....

Progress MOVEit Transfer 2023.1.0 CVE
LOW 3.3 CVE-2026-21674

iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnera...

InternationalColorConsortium iccDEV < 2.3.1.1 CVE