Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.3 CVE-2026-56325

Capgo – App ID Confusion via ILIKE Wildcard in Preview Subdomain Lookup

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for app_id lookup in the preview subdomain resolver, allowing underscor...

Capgo Capgo CVE
LOW 2.3 CVE-2026-56317

Nuxt – Cross-Site Scripting via NoScript Component Slot Content

Nuxt before 4.4.7 (and the 3.x branch before 3.21.7) contains a cross-site scripting vulnerability in the NoScript component that writes slot conte...

Nuxt Nuxt 4.0.0 CVE
LOW 3.1 MS:CVE-2026-12458

CVE-2026-12458 Incorrect security UI in Passwords

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...

N/A N/A MSCVE
LOW 1.3 CVE-2026-48794

Authelia has an Edge Case Access Control Rule Mismatch

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications vi...

authelia authelia >= 4.36.0, < 4.39.20 CVE
LOW 2.9 CVE-2026-47203

Authelia Missing Username Canonicalization in Basic Auth (LDAP)

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications vi...

authelia authelia >= 4.38.0, < 4.39.20 CVE
LOW 1.8 CVE-2026-48617

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentialit...

nodejs node 22.22.3 CVE
LOW 2.3 CVE-2026-8668

Hardcoded credentials in embedded content

A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained ten...

Progress Chef Chef360 CVE
LOW 3.5 CVE-2026-12047

pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text

HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /...

pgadmin.org pgAdmin 4 6.6 CVE
LOW 3.7 CVE-2026-9143

Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen

There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently d...

NI grpc-device CVE
LOW 2.1 CVE-2026-49871

Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that man...

Apache Software Foundation Apache APISIX 3.0.0 CVE