LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-53852	OpenClaw < 2026.4.25 - Scope Bypass via Empty-Scope Device Re-pairing_CVE-2026-53852 OpenClaw before 2026.4.25 contains a scope containment bypass vulnerability in device re-pairing that allows authenticated operators to restore bro...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.3	CVE-2026-53848	OpenClaw < 2026.5.26 - Exec Allowlist Bypass via Transparent Command Wrappers_CVE-2026-53848 OpenClaw before 2026.5.26 contains an exec allowlist bypass vulnerability allowing authenticated operators to execute wrapper-level side effects ou...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.3	CVE-2026-53845	OpenClaw < 2026.5.6 - Skill-Command Dispatch Hook Bypass via Before-Tool-Call Hook Skipping_CVE-2026-53845 OpenClaw before 2026.5.6 contains a hook bypass vulnerability where skill commands routed through the affected dispatch path skip before-tool-call ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 2.1	CVE-2026-53841	OpenClaw < 2026.5.12 - Cross-Site Scripting via Unsafe Markdown Links in Exported Session HTML_CVE-2026-53841 OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and data: links ...	OpenClaw	OpenClaw	Jun 16, 2026	CVE
LOW 3.7	CVE-2026-10636	Use-after-free in Zephyr IPv4 IGMP send path (igmp_send)_CVE-2026-10636 In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) ...	zephyrproject	zephyr 2.6.0	Jun 16, 2026	CVE
LOW 3.7	CVE-2026-48709	OliveTin: ValidateArgumentType API Endpoint Missing Authentication Allows Action and Argument Enumeration_CVE-2026-48709 OliveTin gives access to predefined shell commands from a web interface. In versions 3000.0.0 and prior, The ValidateArgumentType RPC endpoint in s...	OliveTin	OliveTin < 3000.13.0	Jun 15, 2026	CVE
LOW 3.1	MS:CVE-2026-12017	Chromium: CVE-2026-12017 Insufficient validation of untrusted input Extensions_MS:CVE-2026-12017 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	Jun 15, 2026	MSCVE
LOW 3.4	CVE-2026-9062	Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal_CVE-2026-9062 The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such a...	Unknown	Store Locator WordPress	Jun 13, 2026	CVE
LOW 3.5	CVE-2026-9061	Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name_CVE-2026-9061 The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store L...	Unknown	Store Locator WordPress	Jun 13, 2026	CVE
LOW 2.3	CVE-2026-53835	OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings_CVE-2026-53835 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated sende...	OpenClaw	OpenClaw	Jun 12, 2026	CVE