Recent Advisories

| Severity | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|
| LOW (2.1) | CVE-2026-44915 | Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vuln... | Apache Software Foundation | Apache APISIX 3.0.0 | | CVE |
| LOW (2.3) | CVE-2026-44046 | Apache APISIX: wolf-rbac plugin Identity Spoofing | Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentia... | Apache Software Foundation | Apache APISIX 1.2.0 | | CVE |
| LOW (3) | CVE-2026-49358 | PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles | PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ... | pontedilana | php-weasyprint < 2.6.0 | | CVE |
| LOW (2.7) | CVE-2026-12102 | UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter | The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecur... | stiofansisland | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | | CVE |
| LOW (2.1) | CVE-2026-40457 | Reflected XSS in LMS | A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netrem... | LMS | LMS | | CVE |
| LOW (1.9) | CVE-2026-50268 | Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat... | SteeltoeOSS | Steeltoe.Configuration.Encryption >= 4.0.0, < 4.2.0 | | CVE |
| LOW (2.2) | CVE-2026-12567 | Symlink-following arbitrary write via github_workflows module | The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacke... | Black Lantern Security | BBOT 2.0.0 | | CVE |
| LOW (3.1) | CVE-2026-12566 | SSRF via unvalidated WWW-Authenticate realm in docker_pull module | The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without va... | Black Lantern Security | BBOT 2.0.0 | | CVE |
| LOW (3.7) | CVE-2026-6733 | undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse | Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can... | undici | undici | | CVE |
| LOW (2.9) | CVE-2026-39199 | CVE-2026-39199 | snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file. | Snes9X team | Snes9X 1.63 | | CVE |