Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.4 CVE-2025-20769

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious ...

MediaTek, Inc. MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793 Android 14.0, 15.0, 16.0 CVE
LOW 3.5 CVE-2025-65858

A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field ...

n/a n/a n/a CVE
LOW 3.2 CVE-2025-59696

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper ...

n/a n/a n/a CVE
LOW 2.7 CVE-2025-66409

ESP-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled o...

espressif esp-idf >= 5.5-beta1, <= 5.5.1 CVE
LOW 3.5 CVE-2025-13640

Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical ac...

Google Chrome 143.0.7499.41 CVE
LOW 3.1 CVE-2025-13870

Unauthorized access and subscription vulnerability in Boards

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 2.3 CVE-2025-13871

The feature to manage resources is prone to Cross-Site Request Forgery attacks

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of ...

ObjectPlanet Opinio 7.26 rev12562 CVE
LOW 2.1 CVE-2025-13872

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an at...

ObjectPlanet Opinio 7.26 rev12562 CVE
LOW 3.5 CVE-2025-13129

Business Logic Error in Seneka Software’s Onaylarım

Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co...

Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım 25.09.26.01 CVE
LOW 2.1 CVE-2025-13837

Out-of-memory when loading Plist

When loading a plist file, the plistlib module reads data in the size specified by the file itself, meaning a malicious file can cause OOM and DoS issues.

Python Software Foundation CPython CVE