Recent Advisories

Severity ID Title Vendor Product Date Type

LOW 2.3  CVE-2026-46554  NocoDB: Stale Auth Cache After API Token Deletion
  NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their ca...
  Vendor: nocodb  Product: nocodb < 2026.04.4  Type: CVE

LOW 2.1  CVE-2026-46553  NocoDB: Attachment Size Limit Bypass via Upload-by-URL
  NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE agai...
  Vendor: nocodb  Product: nocodb < 2026.04.1  Type: CVE

LOW 2.0  CVE-2026-46549  NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
  NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_reso...
  Vendor: nocodb  Product: nocodb < 2026.04.1  Type: CVE

LOW 2.2  CVE-2026-54327  Pi: Race condition in auth.json writes could expose stored credentials
  Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the f...
  Vendor: earendil-works  Product: pi >= 0.74.0, < 0.78.1  Type: CVE

LOW 2.5  CVE-2026-54326  Pi: Potential XSS in HTML session exports via Markdown URL sanitization bypass
  Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi HTML exports render session Markdown into a static HTML file. It did not cons...
  Vendor: earendil-works  Product: pi >= 0.74.0, < 0.78.1  Type: CVE

LOW 2.3  CVE-2026-47388  NocoDB: Missing Ownership Check in MCP Attachment Read
  NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, a low-privilege MCP token holder with knowledge of an attachment pat...
  Vendor: nocodb  Product: nocodb < 2026.05.1  Type: CVE

LOW 3.7  CVE-2026-56968
  GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosur...
  Vendor: GNU  Product: GNU SASL  Type: CVE

LOW 2.9  CVE-2026-57062
  CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to...
  Vendor: GnuPG  Product: GnuPG  Type: CVE

LOW 3.5  CVE-2025-15619  HCL Connections is vulnerable to broken access control
  HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.
  Vendor: HCLSoftware  Product: Connections 7.0, 8.0  Type: CVE

LOW 3.7  CVE-2026-55654  OpenSSH: heap out-of-bounds read in Red Hat Enterprise Linux versions of OpenSSH GSSAPI indicator cleanup due to missing NULL sentinel termination
  A flaw was found in OpenSSH. This vulnerability, a heap out-of-bounds read, occurs during the cleanup of GSSAPI (Generic Security Service Applicati...
  Vendor: Red Hat  Product: Red Hat Enterprise Linux 10  Type: CVE