LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.7	CVE-2026-44489	Axios: Proxy-Authorization Header Injection via Prototype Pollution — Incomplete Null-Prototype Fix_CVE-2026-44489 Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., conf...	axios	axios 1.15.2	Jun 11, 2026	CVE
LOW 2.6	CVE-2026-9694	Improper Neutralization of Substitution Characters in GitLab_CVE-2026-9694 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...	GitLab	GitLab 15.9	Jun 11, 2026	CVE
LOW 3.7	CVE-2026-6976	Authorization Bypass Through User-Controlled Key in GitLab_CVE-2026-6976 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...	GitLab	GitLab 15.9	Jun 11, 2026	CVE
LOW 3.1	CVE-2026-3553	Incorrect Authorization in GitLab_CVE-2026-3553 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that u...	GitLab	GitLab 12.0	Jun 11, 2026	CVE
LOW 3.7	CVE-2026-41000	WSS4J validation does not use configured replay cache_CVE-2026-41000 Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, pro...	Spring	Spring Web Services 5.0.0	Jun 11, 2026	CVE
LOW 3.3	CVE-2026-47712	Dulwich doesn’t sanitize commit subjects in `porcelain.format_patch`_CVE-2026-47712 Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porce...	jelmer	dulwich >= 0.24.0, < 1.2.5	Jun 10, 2026	CVE
LOW 3.7	CVE-2026-48011	Shopware: Timing-attack on admin panel allowing enumeration of administrator usernames_CVE-2026-48011 Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator us...	shopware	shopware >= 6.7.0.0, < 6.7.10.1	Jun 10, 2026	CVE
LOW 2.3	CVE-2026-46668	SpiceDB: Caveat structures with nested lists can result in improper cache reuse_CVE-2026-46668 SpiceDB is an open source database system for creating and managing security-critical application permissions. From version 1.15.0 to before versio...	authzed	spicedb >= 1.15.0, < 1.52.0	Jun 10, 2026	CVE
LOW 3.6	CVE-2026-45380	bit7z: Path Traversal via Null Byte Injection from `gcount()` Off-by-One in `restoreSymlink()`_CVE-2026-45380 bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-on...	rikyoz	bit7z < 4.0.12	Jun 10, 2026	CVE
LOW 1.1	CVE-2026-0266	PAN-OS: Stored Cross-Site Scripting (XSS) Vulnerability in the Web Interface_CVE-2026-0266 A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaSc...	Palo Alto Networks	Cloud NGFW All	Jun 10, 2026	CVE