LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 1.8	CVE-2026-48617	CVE-2026-48617_CVE-2026-48617 A flaw in Node.js Permission Model enforcement allows Bypass via `process.report.writeReport()` Path Misvalidation. This can lead to confidentialit...	nodejs	node 22.22.3	Jun 18, 2026	CVE
LOW 2.3	CVE-2026-8668	Hardcoded credentials in embedded content_CVE-2026-8668 A static credential embedded in Chef 360 prior to v1.7.0 permitted unauthenticated access to internal message queues. Queue messages contained ten...	Progress Chef	Chef360	Jun 18, 2026	CVE
LOW 3.5	CVE-2026-12047	pgAdmin 4: HTML injection in cloud verify_credentials / deploy endpoints via unsanitised SDK exception text_CVE-2026-12047 HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /...	pgadmin.org	pgAdmin 4 6.6	Jun 18, 2026	CVE
LOW 3.7	CVE-2026-9143	Incorrect Conversion between Numeric Types in NI grpc-device due to missing range checks in CodeGen_CVE-2026-9143 There is an incorrect conversion between numeric types vulnerability in NI grpc-device due to missing range checks in CodeGen. This may silently d...	NI	grpc-device	Jun 19, 2026	CVE
LOW 2.1	CVE-2026-49871	Apache APISIX: cas-auth login CSRF / session injection issue_CVE-2026-49871 Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that man...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
LOW 2.3	CVE-2026-49231	Apache APISIX: Identity spoofing issue in APISIX opa plugin_CVE-2026-49231 Authentication Bypass by Spoofing vulnerability in opa plugin. An attacker could relay spoofed identity headers to upstream capitalising on non-de...	Apache Software Foundation	Apache APISIX 3.5.0	Jun 19, 2026	CVE
LOW 2.1	CVE-2026-48895	Apache APISIX: Cas-auth Host header influence on CAS service URL_CVE-2026-48895 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform a...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
LOW 2.1	CVE-2026-44915	Apache APISIX: Cas-auth plugin open redirect via unsanitized cookie value_CVE-2026-44915 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default configuration of cas-auth in Apache APISIX is vuln...	Apache Software Foundation	Apache APISIX 3.0.0	Jun 19, 2026	CVE
LOW 2.3	CVE-2026-44046	Apache APISIX: wolf-rbac plugin Identity Spoofing_CVE-2026-44046 Use of Less Trusted Source vulnerability in Apache APISIX. Attacker can take advantage of wolf-rbac plugin under default configuration to potentia...	Apache Software Foundation	Apache APISIX 1.2.0	Jun 19, 2026	CVE
LOW 3	CVE-2026-49358	PhpWeasyPrint vulnerable to arbitrary file deletion at shutdown via public $temporaryFiles_CVE-2026-49358 PhpWeasyPrint is a PHP library allowing PDF generation from a URL or an HTML page. Prior to version 2.6.0, `AbstractGenerator::$temporaryFiles` is ...	pontedilana	php-weasyprint < 2.6.0	Jun 19, 2026	CVE