Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2026-27781

kernel_liteos_a has an integer overflow vulnerability_CVE-2026-27781

in OpenHarmony v6.0 and prior versions allows a local attacker to cause a DoS.

OpenHarmony OpenHarmony v5.0.3 CVE
LOW 3.3 CVE-2026-25110

Sensors_medical_sensor has a NULL pointer dereference vulnerability_CVE-2026-25110

in OpenHarmony v6.0 and prior versions allows a local attacker to cause a DoS.

OpenHarmony OpenHarmony v5.0.3 CVE
LOW 3.5 8CE4761E-40E3-

Exploit for CVE-2025-11203_8CE4761E-40E3-5285-948E-9190434686A1

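CVE-2025-11203: LiteLLM Health Endpoint APIKEY Information Disclosure. LiteLLM versions do not correctly filter sensitive information, so that authenticated users can obtain, from other model configurations, the stored...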

N/A N/A GITHUBEXPLOIT
LOW 3.9 CVE-2026-27964

FacturaScripts: Reflected Cross-Site Scripting (XSS) via Cookie Manipulation_CVE-2026-27964

FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulner...

NeoRazorX facturascripts < 2025.8 CVE
LOW 2.1 CVE-2026-45244

Summarize < 0.15.1 Unapproved Browser Automation Execution_CVE-2026-45244

Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-ca...

steipete summarize CVE
LOW 2.4 CVE-2026-47090

Claude HUD 0.0.12 Terminal Injection via OSC 8 Hyperlinks_CVE-2026-47090

Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values witho...

jarrodwatts claude-hud CVE
LOW 3.5 CVE-2026-6333

SSRF via Host Header Spoofing in Custom Slash Commands_CVE-2026-6333

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.5 CVE-2026-4643

Calling window.close() from server-side content causes crash in the Mattermost Desktop App_CVE-2026-4643

Mattermost Desktop App versions

Mattermost Mattermost CVE
LOW 3.1 CVE-2026-4286

Playbooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook update_CVE-2026-4286

Mattermost versions 11.5.x

Mattermost Mattermost 11.5.0 CVE
LOW 3.7 MS:CVE-2026-6638

PostgreSQL REFRESH PUBLICATION allows SQL injection via table name_MS:CVE-2026-6638

{"lastseen":"2026-05-18T09:15:25","description":"","published":"2026-05-16T08:04:...

N/A N/A MSCVE