Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.1 CVE-2025-11777

Cross-team channel membership access

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 3.3 CVE-2025-46370

CVE-2025-46370

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with loca...

Dell Alienware Command Center 6.x (AWCC) N/A CVE
LOW 2.7 CVE-2025-64745

Astro development server error page vulnerable to reflected Cross-site Scripting

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Ast...

withastro astro >= 5.2.0, < 5.15.6 CVE
LOW 3.5 CVE-2025-64744

OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML i...

openobserve openobserve <= 0.16.1 CVE
LOW 2.7 CVE-2025-64754

Jitsi Meet has DOM Redirect on Microsoft OAuth Flow

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the ...

jitsi jitsi-meet < 2.0.10532 CVE
LOW 1.2 CVE-2025-64707

Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins r...

frappe lms >= 2.0.0, < 2.41.0 CVE
LOW 1.3 CVE-2025-64705

Frappe user was able to access the submission of other students

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were ab...

frappe lms >= 2.0.0, < 2.41.0 CVE
LOW 3.9 CVE-2025-64711

PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging...

PrivateBin PrivateBin >= 1.7.7, < 2.0.3 CVE
LOW 3.8 CVE-2025-63678

CVE-2025-63678

An authenticated arbitrary file upload vulnerability in the /uploads/ endpoint of CMS Made Simple Foundation File Manager v2.2.22 allows attackers ...

n/a n/a n/a CVE
LOW 3.5 CVE-2025-20379

Risky command safeguards bypass using the “/services/streams/search” REST endpoint through “q” parameter in Splunk Enterprise

In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503....

Splunk Splunk Enterprise 10.0 CVE