LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.1	CVE-2026-41398	OpenClaw – Unauthorized Agent Request Dispatch via Untrusted Local-Network Pages in iOS A2UI Bridge_CVE-2026-41398 OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as truste...	OpenClaw	OpenClaw	Apr 28, 2026	CVE
LOW 2.3	CVE-2026-41382	OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps_CVE-2026-41382 OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and membe...	OpenClaw	OpenClaw	Apr 28, 2026	CVE
LOW 2.3	CVE-2026-41381	OpenClaw < 2026.3.31 - Access Control Bypass in Discord Voice Manager via Channel Allowlist_CVE-2026-41381 OpenClaw before 2026.3.31 contains an access control bypass vulnerability in the Discord voice manager that allows attackers to bypass channel-leve...	OpenClaw	OpenClaw	Apr 28, 2026	CVE
LOW 2.3	CVE-2026-41376	OpenClaw < 2026.3.31 - Matrix Thread Context Allowlist Bypass via Sender Validation_CVE-2026-41376 OpenClaw before 2026.3.31 contains an allowlist bypass vulnerability in Matrix thread root and reply context handling that fails to properly valida...	OpenClaw	OpenClaw	Apr 28, 2026	CVE
LOW 2.1	CVE-2026-40556	Insecure Directory Permissions in GNU nano Leading to Privilege Abuse_CVE-2026-40556 GNU nano creates the user’s ~/.local directory with overly permissive permissions when the directory does not exist yet. On first use of features r...	GNU	nano 2.9.1	Apr 28, 2026	CVE
LOW 3.7	CVE-2026-40969	Spring gRPC AuthenticationException message reflected to remote client_CVE-2026-40969 The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This ...	Spring	Spring gRPC 1.0.0	Apr 28, 2026	CVE
LOW 2.3	CVE-2026-41362	OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache Event Suppression via Shared Authentication_CVE-2026-41362 OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is ...	OpenClaw	OpenClaw 2026.2.19	Apr 27, 2026	CVE
LOW 2	CVE-2025-54505	CVE-2025-54505_CVE-2025-54505 A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, po...	AMD	AMD EPYC™ 7001 Series Processors OS update	Apr 27, 2026	CVE
LOW 2.3	CVE-2026-7085	HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal_CVE-2026-7085 A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/a...	HBAI-Ltd	Toonflow-app 1.1.0	Apr 27, 2026	CVE
LOW 3.1	CVE-2026-41488	angchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding_CVE-2026-41488 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_n...	langchain-ai	langchain-openai < 1.1.14	Apr 24, 2026	CVE