LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.1	MS:CVE-2026-12458	CVE-2026-12458 Incorrect security UI in Passwords_MS:CVE-2026-12458 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 19, 2026	MSCVE
LOW 1.3	CVE-2026-48794	Authelia has an Edge Case Access Control Rule Mismatch_CVE-2026-48794 Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications vi...	authelia	authelia >= 4.36.0, < 4.39.20	Jun 19, 2026	CVE
LOW 2.9	CVE-2026-47203	Authelia Missing Username Canonicalization in Basic Auth (LDAP)_CVE-2026-47203 Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications vi...	authelia	authelia >= 4.38.0, < 4.39.20	Jun 19, 2026	CVE
LOW 1.8	CVE-2026-48617	CVE-2026-48617_CVE-2026-48617 A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentialit...	nodejs	node 22.22.3	Jun 18, 2026	CVE
LOW 2.3	CVE-2026-8668	Hardcoded credentials in embedded content_CVE-2026-8668 A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained ten...	Progress Chef	Chef360	Jun 18, 2026	CVE
LOW 3.5	CVE-2026-12047	pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047 HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /...	pgadmin.org	pgAdmin 4 6.6	Jun 18, 2026	CVE
LOW 3.7	CVE-2026-9143	Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen_CVE-2026-9143 There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently d...	NI	grpc-device	Jun 19, 2026	CVE
LOW 2.1	CVE-2026-49871	Apache APISIX: cas-auth login CSRF / session injection issue_CVE-2026-49871 Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that man...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
LOW 2.3	CVE-2026-49231	Apache APISIX: Identity spoofing issue in APISIX opa plugin_CVE-2026-49231 Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-de...	Apache Software Foundation	Apache APISIX 3.5.0	Jun 19, 2026	CVE
LOW 2.1	CVE-2026-48895	Apache APISIX: Cas-auth Host header influence on CAS service URL_CVE-2026-48895 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform a...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE