Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.8 CVE-2025-64350

WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Securit...

Rank Math SEO Rank Math SEO n/a CVE
LOW 3.7 CVE-2025-36249

IBM Jazz for Service Management is vulnerable to “filter” cookie not sent over SSL

IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers ma...

IBM Jazz for Service Management 1.1.3.0 CVE
LOW 1.8 CVE-2025-6075

Quadratic complexity in os.path.expandvars() with user-controlled template

If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.

Python Software Foundation CPython CVE
LOW 3.1 CVE-2025-23050

CVE-2025-23050

QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an out-of-bounds read (or division by zero). This i...

Qt Qt CVE
LOW 2.1 CVE-2025-12517

Credits Page not Matching Versions in Use in the Firmware

Credits Page not Matching Versions in Use in the Firmware. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Azure Access Technology BLU-IC2 CVE
LOW 3.3 CVE-2025-58183

Unbounded allocation when parsing GNU sparse map in archive/tar

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive co...

Go standard library archive/tar CVE
LOW 3.8 CVE-2025-10931

Umami Analytics – Moderately critical – Cross Site Scripting – SA-CONTRIB-2025-109

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Umami Analytics allows Cross-Site Scri...

Drupal Umami Analytics 0.0.0 CVE
LOW 3.5 CVE-2025-10636

NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS

The NS Maintenance Mode for WP WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege u...

Unknown NS Maintenance Mode for WP CVE
LOW 2.1 CVE-2025-62787

Wazuh Vulnerable to Heap-based Buffer Over-read in DecodeWinevt

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeW...

wazuh wazuh < 4.10.2 CVE
LOW 3.8 CVE-2025-62794

GitHub Workflow Updater stored the optional Github token in plaintext

GitHub Workflow Updater is a VS Code extension that automatically pins GitHub Actions to specific commits for enhanced security. Before 0.0.7, any ...

RichardoC github-workflow-updater-extension < 0.0.7 CVE