Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2 CVE-2025-68399

ChurchCRM has Stored Cross-Site Scripting (XSS) In GroupEditor.php

ChurchCRM is an open-source church management system. In versions prior to 6.5.4, there is a Stored Cross-Site Scripting (XSS) vulnerability within...

ChurchCRM CRM < 6.5.4 CVE
LOW 2.8 CVE-2025-65185

CVE-2025-65185

There is a username enumeration via local user login in Entrinsik Informer v5.10.1 which allows malicious users to enumerate users by entering an O...

n/a n/a n/a CVE
LOW 3.9 CVE-2025-13326

Mattermost Desktop App fails to enable Hardened Runtime when packaged for Mac App Store

Mattermost Desktop App versions

Mattermost Mattermost CVE
LOW 3.3 CVE-2025-13321

Mattermost Desktop App logging sensitive information and fails to clear data on server deletion

Mattermost Desktop App versions

Mattermost Mattermost CVE
LOW 1.7 CVE-2025-66646

RIOT-OS has NULL pointer dereference in gnrc_ipv6_ext_frag_reass

RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded ...

RIOT-OS RIOT < 2025.10 CVE
LOW 2.6 CVE-2025-54004

WordPress WCFM – Frontend Manager for WooCommerce plugin <= 6.7.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in WC Lovers WCFM – Frontend Manager for WooCommerce wc-frontend-manager allows Exploiting Incorrectly Configur...

WC Lovers WCFM – Frontend Manager for WooCommerce n/a CVE
LOW 3 CVE-2025-13352

Mattermost GitHub Plugin allows unauthorized GitHub reactions via reaction forwarding hijacking

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 3.1 CVE-2025-62690

Open redirect in error page when link opened in new tab

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 0.6 CVE-2025-14266

CSRF in Ercom Cryptobox administration console

CSRF in Ercom Cryptobox administration console allows attacker to trigger some actions on behalf of a Cryptobox administrator. The attack requires ...

Ercom Cryptobox 4.0.0 CVE
LOW 2.7 CVE-2025-68142

PyMdown Extensions has ReDOS bug in Figure Capture extension

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the f...

facelessuser pymdown-extensions < 10.16.1 CVE