Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.9 CVE-2026-41080

CVE-2026-41080

libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

libexpat project libexpat CVE
LOW 3.1 CVE-2026-3155

OneSignal – Web Push Notifications <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Post Meta Deletion via 'post_id'

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is ...

onesignal OneSignal – Web Push Notifications CVE
LOW 2.9 CVE-2026-40947

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path.

Yubico libfido2 CVE
LOW 3.1 CVE-2026-6313

CVE-2026-6313

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process...

Google Chrome 147.0.7727.101 CVE
LOW 3.1 CVE-2026-6312

CVE-2026-6312

Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer pr...

Google Chrome 147.0.7727.101 CVE
LOW 3.1 CVE-2026-33212

Weblate: Improper access control for pending tasks in API

Weblate is a web-based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose l...

WeblateOrg weblate < 5.17 CVE
LOW 3.7 CVE-2026-33877

ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the pas...

apostrophecms apostrophe < 4.29.0 CVE
LOW 3.3 CVE-2026-21727

Grafana Correlations: Cross-Tenant Data Disclosure and Permanent Deletion via Legacy org_id=0 Record

--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cros...

Grafana Grafana Correlations 10.2.0 CVE
LOW 1.3 CVE-2025-12141

Grafana Alerting Editors can edit destination of webhooks they did not create

In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.n...

Grafana Grafana Alerting 8.0.0 CVE
LOW 2.9 CVE-2025-52641

Internal Filesystem Exploration vulnerability

HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such i...

HCL AION 2.0 CVE