LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.5	CVE-2025-5069	Incorrect Ownership Assignment in GitLab_CVE-2025-5069 An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could...	GitLab	GitLab 17.10	Sep 26, 2025	CVE
LOW 3.7	CVE-2025-1396	Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled_CVE-2025-1396 A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system retu...	WSO2	WSO2 Identity Server	Sep 26, 2025	CVE
LOW 2.7	CVE-2025-10173	ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update_CVE-2025-10173 The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due ...	roxnor	ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution *	Sep 26, 2025	CVE
LOW 2.3	CVE-2025-10977	JeecgBoot deleteBatch improper authorization_CVE-2025-10977 A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of t...	n/a	JeecgBoot 3.8.0	Sep 25, 2025	CVE
LOW 2.3	CVE-2025-10976	JeecgBoot getDepartUserList improper authorization_CVE-2025-10976 A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing m...	n/a	JeecgBoot 3.8.0	Sep 25, 2025	CVE
LOW 3.7	CVE-2025-60019	Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()_CVE-2025-60019 glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentia...	N/A	N/A 2.60	Sep 25, 2025	CVE
LOW 3.3	CVE-2025-36857	Rapid7 Appspider Broken Access Control Vulnerability_CVE-2025-36857 Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mech...	Rapid7	Appspider Pro	Sep 25, 2025	CVE
LOW 2.4	CVE-2025-59838	Monkeytype Vulnerable to Self-XSS on loading saved custom text_CVE-2025-59838 Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved cust...	monkeytypegame	monkeytype < f025b121cbe437e29de432b4aa72e0de22c755b7	Sep 25, 2025	CVE
LOW 3.9	CVE-2025-5494	Privilege Escalation_CVE-2025-5494 ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Cent...	Zohocorp	Endpoint Central	Sep 25, 2025	CVE
LOW 0.5	CVE-2025-59824	Omni Wireguard SideroLink potential escape_CVE-2025-59824 Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to esc...	siderolabs	omni < 0.48.0	Sep 24, 2025	CVE