LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.5	CVE-2026-32970	OpenClaw < 2026.3.11 - Credential Fallback Logic Bypass via Unavailable Local Auth SecretRefs_CVE-2026-32970 OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretR...	OpenClaw	OpenClaw	Mar 31, 2026	CVE
LOW 3.1	CVE-2026-0397	Information disclosure via CORS misconfiguration_CVE-2026-0397 When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visi...	PowerDNS	DNSdist 1.9.0	Mar 31, 2026	CVE
LOW 3.1	CVE-2026-0396	HTML injection in the web dashboard_CVE-2026-0396 An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-...	PowerDNS	DNSdist 1.9.0	Mar 31, 2026	CVE
LOW 2.8	CVE-2026-33762	go-git: Missing validation decoding Index v4 files leads to panic_CVE-2026-33762 go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-git’s index decoder for format version 4 fails t...	go-git	go-git < 5.17.1	Mar 31, 2026	CVE
LOW 2.1	CVE-2026-34224	Parse Server: MFA single-use token bypass via concurrent authData login requests_CVE-2026-34224 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8,...	parse-community	parse-server < 8.6.64	Mar 31, 2026	CVE
LOW 2	CVE-2026-33073	discourse-subscriptions plugin leaking stripe API key in multisite environment_CVE-2026-33073 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.3	Mar 31, 2026	CVE
LOW 2.1	CVE-2026-32607	Discourse: Stored XSS via unescaped assignee name_CVE-2026-32607 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0...	discourse	discourse >= 2026.1.0-latest, < 2026.1.3	Mar 31, 2026	CVE
LOW 2.7	CVE-2026-34203	Nautobot: Management of users via REST API does not apply configured password validators_CVE-2026-34203 Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST ...	nautobot	nautobot < 2.4.30	Mar 31, 2026	CVE
LOW 3.8	CVE-2026-3470	CVE-2026-3470_CVE-2026-3470 A vulnerability exists in the SonicWall Email Security appliance due to improper input sanitization that may lead to data corruption, allowing a re...	SonicWall	Email Security 10.0.34.8215 and earlier versions	Mar 31, 2026	CVE
LOW 2.7	CVE-2026-3469	CVE-2026-3469_CVE-2026-3469 A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authen...	SonicWall	Email Security 10.0.34.8215 and earlier versions	Mar 31, 2026	CVE