LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.7	CVE-2026-40969	Spring gRPC AuthenticationException message reflected to remote client_CVE-2026-40969 The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This ...	Spring	Spring gRPC 1.0.0	Apr 28, 2026	CVE
LOW 2.3	CVE-2026-41362	OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication_CVE-2026-41362 OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is ...	OpenClaw	OpenClaw 2026.2.19	Apr 27, 2026	CVE
LOW 2	CVE-2025-54505	CVE-2025-54505_CVE-2025-54505 A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, po...	AMD	AMD EPYC™ 7001 Series Processors OS update	Apr 27, 2026	CVE
LOW 2.3	CVE-2026-7085	HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal_CVE-2026-7085 A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/a...	HBAI-Ltd	Toonflow-app 1.1.0	Apr 27, 2026	CVE
LOW 3.1	CVE-2026-41488	angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding_CVE-2026-41488 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_n...	langchain-ai	langchain-openai < 1.1.14	Apr 24, 2026	CVE
LOW 3.8	CVE-2026-31051	CVE-2026-31051_CVE-2026-31051 An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component	n/a	n/a n/a	Apr 24, 2026	CVE
LOW 1.7	CVE-2026-41677	rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length_CVE-2026-41677 rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not valid...	rust-openssl	rust-openssl >= 0.9.0, < 0.10.78	Apr 24, 2026	CVE
LOW 2.2	CVE-2026-41321	@astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint_CVE-2026-41321 @astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/int...	withastro	@astrojs/cloudflare < 13.1.10	Apr 24, 2026	CVE
LOW 0.6	CVE-2026-41140	Poetry: Path traversal in tar extraction on Python 3.10.0 – 3.10.12 and 3.11.0 – 3.11.4_CVE-2026-41140 Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs...	python-poetry	poetry < 2.3.4	Apr 24, 2026	CVE
LOW 3.7	CVE-2026-42040	Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams_CVE-2026-42040 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchPa...	axios	axios >= 1.0.0, < 1.15.1	Apr 24, 2026	CVE