Recent Advisories

Columns: Severity (score) | ID | Title | Description | Vendor | Product (with version where given) | Type

LOW (2.3)  CVE-2026-49231
Title: Apache APISIX: Identity spoofing issue in APISIX opa plugin
Description: Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-de...
Vendor: Apache Software Foundation
Product: Apache APISIX 3.5.0
Type: CVE

LOW (2.1)  CVE-2026-48895
Title: Apache APISIX: Cas-auth Host header influence on CAS service URL
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform a...
Vendor: Apache Software Foundation
Product: Apache APISIX 3.0.0
Type: CVE

LOW (2.1)  CVE-2026-44915
Title: Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value
Description: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vuln...
Vendor: Apache Software Foundation
Product: Apache APISIX 3.0.0
Type: CVE

LOW (2.3)  CVE-2026-44046
Title: Apache APISIX: wolf-rbac plugin Identity Spoofing
Description: Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentia...
Vendor: Apache Software Foundation
Product: Apache APISIX 1.2.0
Type: CVE

LOW (3)  CVE-2026-49358
Title: PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles
Description: PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ...
Vendor: pontedilana
Product: php-weasyprint < 2.6.0
Type: CVE

LOW (2.7)  CVE-2026-12102
Title: UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter
Description: The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Insecur...
Vendor: stiofansisland
Product: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP
Type: CVE

LOW (2.1)  CVE-2026-40457
Title: Reflected XSS in LMS
Description: A Reflected Cross-Site Scripting (XSS) vulnerability exists in LMS (LAN Management System) before commit 9c5651b in the "dbrecover.php" and "netrem...
Vendor: LMS
Product: LMS
Type: CVE

LOW (1.9)  CVE-2026-50268
Title: Steeltoe: OAEP setting silently selects PKCS#1 v1.5 padding
Description: Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configurat...
Vendor: SteeltoeOSS
Product: Steeltoe.Configuration.Encryption >= 4.0.0, < 4.2.0
Type: CVE

LOW (2.2)  CVE-2026-12567
Title: Symlink-following arbitrary write via github_workflows module
Description: The github_workflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacke...
Vendor: Black Lantern Security
Product: BBOT 2.0.0
Type: CVE

LOW (3.1)  CVE-2026-12566
Title: SSRF via unvalidated WWW-Authenticate realm in docker_pull module
Description: The docker_pull module uses the realm parameter from a Docker registry's WWW-Authenticate response header as the authentication endpoint without va...
Vendor: Black Lantern Security
Product: BBOT 2.0.0
Type: CVE