LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.7	CVE-2026-54275	AIOHTTP: TLS Server Hostname Override Is Ignored When Reusing HTTPS Connections_CVE-2026-54275 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed ...	aio-libs	aiohttp < 3.14.1	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-53540	Python-Multipart: Negative Content-Length in parse_form buffers the entire body in memory_CVE-2026-53540 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using ...	Kludex	python-multipart < 0.0.31	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-53538	Python-Multipart: Semicolon treated as querystring field separator enables parameter smuggling_CVE-2026-53538 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, QuerystringParser treated ; as a field separator in application/x-www...	Kludex	python-multipart < 0.0.30	Jun 22, 2026	CVE
LOW 3.7	CVE-2026-53537	Python-Multipart: Content-Disposition parameter smuggling via RFC 2231/5987 extended parameters_CVE-2026-53537 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.30, parse_options_header parsed Content-Disposition (and Content-Type) he...	Kludex	python-multipart < 0.0.30	Jun 22, 2026	CVE
LOW 2.7	CVE-2026-50269	AIOHTTP: CRLF injection in multipart headers_CVE-2026-50269 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/...	aio-libs	aiohttp < 3.14.0	Jun 22, 2026	CVE
LOW 3.2	CVE-2026-49356	Babel: Arbitrary File Read via sourceMappingURL Comment in @babel/core_CVE-2026-49356 Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a so...	babel	babel >= 8.0.0-alpha.0, < 8.0.0-rc.5	Jun 22, 2026	CVE
LOW 2.3	CVE-2026-9610	Multiple Vulnerabilities in IBM Datacap_CVE-2026-9610 IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the U...	IBM	Datacap 9.1.7	Jun 22, 2026	CVE
LOW 3.8	CVE-2026-8823	User Manager can demote bot accounts to guest without bot-management permission_CVE-2026-8823 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
LOW 3.8	CVE-2026-8074	Improper Permission Check Allows User Manager to Deactivate Bot Accounts_CVE-2026-8074 Mattermost versions 11.7.x	Mattermost	Mattermost 11.7.0	Jun 22, 2026	CVE
LOW 2	CVE-2026-12888	HTML injection in the Canarytoken Google Chat notification_CVE-2026-12888 An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface M...	Thinkst Applied Research	Canarytokens sha-4aef1db90	Jun 22, 2026	CVE