LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.7	CVE-2025-59421	Press vulnerable to email flooding to users due to lack of validation and rate limits_CVE-2025-59421 Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor...	frappe	press < 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615	Sep 18, 2025	CVE
LOW 3.7	CVE-2025-30187	Denial of service via crafted DoH exchange in PowerDNS DNSdist_CVE-2025-30187 In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able ...	PowerDNS	DNSdist 1.9.0	Sep 18, 2025	CVE
LOW 2.7	CVE-2025-59347	Dragonfly Manager makes requests to external endpoints with disabled TLS authentication_CVE-2025-59347 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verific...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 2	CVE-2025-59349	Directories created via os.MkdirAll are not checked for permissions_CVE-2025-59349 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to ...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 2.7	CVE-2025-59350	Timing attacks against Proxy’s basic authentication are possible_CVE-2025-59350 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy f...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 2.7	CVE-2025-59351	Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error_CVE-2025-59351 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dere...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 3.1	CVE-2025-59414	Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival_CVE-2025-59414 Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island...	nuxt	nuxt >= 3.6.0 < 3.19.0	Sep 17, 2025	CVE
LOW 2.7	CVE-2025-59345	Dragonfly did not enable authentication for some Manager’s endpoints_CVE-2025-59345 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The /api/v1/jobs and /preheats endpoints in ...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 1.2	CVE-2025-58767	REXML has a DoS condition when parsing malformed XML file_CVE-2025-58767 REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations....	ruby	rexml >= 3.3.3, < 3.4.2	Sep 17, 2025	CVE
LOW 2.6	D84B4564-FBAF-	Exploit for CVE-2024-45712_D84B4564-FBAF-53C3-8249-DA0DB9F7C851 WooCommerce Vulnerability Scanner (CVE-2024-45712) A Python script designed to scan a...	N/A	N/A	Sep 17, 2025	GITHUBEXPLOIT