LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.4	CVE-2026-9062	Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal_CVE-2026-9062 The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such a...	Unknown	Store Locator WordPress	Jun 13, 2026	CVE
LOW 3.5	CVE-2026-9061	Agile Store Locator < 1.6.9 - Admin+ Stored XSS via logo_name_CVE-2026-9061 The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store L...	Unknown	Store Locator WordPress	Jun 13, 2026	CVE
LOW 2.3	CVE-2026-53835	OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings_CVE-2026-53835 OpenClaw before 2026.5.6 contains a configuration enforcement bypass vulnerability in Feishu dynamic-agent bindings that allows authenticated sende...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
LOW 2.3	CVE-2026-53826	OpenClaw < 2026.4.26 - Information Disclosure via Sandboxed Session Spawn_CVE-2026-53826 OpenClaw before 2026.4.26 contains an information disclosure vulnerability in sandboxed session spawning that exposes the real workspace path to ch...	OpenClaw	OpenClaw	Jun 12, 2026	CVE
LOW 3.7	CVE-2026-53607	@apostrophecms/file pretty-URL Vulnerable to Unauthenticated SSRF via Host header_CVE-2026-53607 ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@...	apostrophecms	apostrophe <= 4.30.0	Jun 12, 2026	CVE
LOW 2.1	CVE-2026-53724	Parse Server: Stored XSS via trailing-dot filename bypassing file upload extension blocklist_CVE-2026-53724 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.79 and 9.9.1-alpha.4,...	parse-community	parse-server < 8.6.79	Jun 12, 2026	CVE
LOW 3.5	CVE-2026-9269	Secure Copy Content Protection and Content Locking < 5.1.5 - Admin+ Stored XSS via ays_sccp_sub_icon_image Parameter_CVE-2026-9269 The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could...	Unknown	Secure Copy Content Protection and Content Locking	Jun 12, 2026	CVE
LOW 1	CVE-2026-12065	Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme_CVE-2026-12065 A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebVi...	Groww	Stock, Mutual Fund, Gold App 20260805	Jun 12, 2026	CVE
LOW 2.3	CVE-2026-46342	Nuxt: `__nuxt_island` endpoint does not bind responses to request props, enabling shared-cache poisoning_CVE-2026-46342 Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/ni...	nuxt	nuxt >= 3.1.0, < 3.21.6	Jun 12, 2026	CVE
LOW 2.1	CVE-2026-48485	Quest Bot: Stored warn reasons can still trigger bot-powered mass mentions through `/warns`._CVE-2026-48485 Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking...	duck-organization	questbot < 1.1.6	Jun 12, 2026	CVE