Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.7 CVE-2025-59347

Dragonfly Manager makes requests to external endpoints with disabled TLS authentication_CVE-2025-59347

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the Manager disables TLS certificate verific...

dragonflyoss dragonfly < 2.1.0 CVE
LOW 2 CVE-2025-59349

Directories created via os.MkdirAll are not checked for permissions_CVE-2025-59349

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to ...

dragonflyoss dragonfly < 2.1.0 CVE
LOW 2.7 CVE-2025-59350

Timing attacks against Proxy’s basic authentication are possible_CVE-2025-59350

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy f...

dragonflyoss dragonfly < 2.1.0 CVE
LOW 2.7 CVE-2025-59351

Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error_CVE-2025-59351

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dere...

dragonflyoss dragonfly < 2.1.0 CVE
LOW 3.1 CVE-2025-59414

Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival_CVE-2025-59414

Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, a client-side path traversal vulnerability in Nuxt's Island...

nuxt nuxt >= 3.6.0 < 3.19.0 CVE
LOW 2.7 CVE-2025-59345

Dragonfly did not enable authentication for some Manager’s endpoints_CVE-2025-59345

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the /api/v1/jobs and /preheats endpoints in ...

dragonflyoss dragonfly < 2.1.0 CVE
LOW 1.2 CVE-2025-58767

REXML has a DoS condition when parsing malformed XML file_CVE-2025-58767

REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 have a DoS vulnerability when parsing XML containing multiple XML declarations....

ruby rexml >= 3.3.3, < 3.4.2 CVE
LOW 2.6 D84B4564-FBAF-

Exploit for CVE-2024-45712_D84B4564-FBAF-53C3-8249-DA0DB9F7C851

WooCommerce Vulnerability Scanner (CVE-2024-45712) A Python script designed to scan a...

N/A N/A GITHUBEXPLOIT
LOW 2.7 CVE-2025-59161

In Element Web and Element Desktop, a malicious room can hide an unrelated room and cause it to be left when the malicious room is left_CVE-2025-59161

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient vali...

element-hq element-web < 1.11.112 CVE
LOW 3.3 CVE-2025-43301

CVE-2025-43301_CVE-2025-43301

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, m...

Apple macOS unspecified CVE