LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-49433	DeepAI api.deepai.org/change_user_email CSRF_CVE-2026-49433 The DeepAI endpoint 'https://api.deepai.org/change_user_email' accepts POST requests without any CSRF protection. If an attacker can trick a logged...	DeepAI	api.deepai.org	Jun 1, 2026	CVE
LOW 3.3	CVE-2026-45278	Nextcloud: Open Redirect in user_oidc login flow via protocol-relative URL bypass_CVE-2026-45278 Nextcloud is an open source content collaboration platform. From version 6.1.0 to before version 8.2.2, an attacker can craft links that would redi...	nextcloud	security-advisories >= 6.1.0, < 8.2.2	Jun 1, 2026	CVE
LOW 3.3	CVE-2026-45277	Nextcloud: Information disclosure in Nextcloud Approval app via fileId parameter reveals workflow associations_CVE-2026-45277 Nextcloud is an open source content collaboration platform. Prior to version 2.7.2, authenticated users can check if arbitrary files are associated...	nextcloud	security-advisories < 2.7.2	Jun 1, 2026	CVE
LOW 3.9	CVE-2026-30963	Capsule Namespace Hijacking via subresource_CVE-2026-30963 Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operation...	projectcapsule	capsule < 0.13.0	Jun 1, 2026	CVE
LOW 3.1	MS:CVE-2026-9950	Chromium: CVE-2026-9950 Insufficient validation of untrusted input in iOS_MS:CVE-2026-9950 This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Rel...	N/A	N/A	May 31, 2026	MSCVE
LOW 3.1	CVE-2026-45426	Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access_CVE-2026-45426 Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache...	Apache Software Foundation	Apache Airflow 3.0.0	Jun 1, 2026	CVE
LOW 3.5	CVE-2026-45266	Nextcloud: Unauthorized force-mute from missing permission check when using internal signaling_CVE-2026-45266 Nextcloud is an open source content collaboration platform. Prior to versions 21.1.10, 22.0.11, and 23.0.3, a low-privileged user can force other u...	nextcloud	security-advisories < 21.1.10	Jun 1, 2026	CVE
LOW 3.5	CVE-2026-45159	Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner_CVE-2026-45159 Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1...	nextcloud	security-advisories >= 1.15.0, < 1.15.4	Jun 1, 2026	CVE
LOW 2.6	CVE-2026-45155	Nextcloud: Private circle can be added to another circle via API_CVE-2026-45155 Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.7 and 33.0.0 to before 33.0.1, ...	nextcloud	security-advisories >= 32.0.0, < 32.0.7	Jun 1, 2026	CVE
LOW 2.6	CVE-2026-45154	Nextcloud: Improper Access Control in Collectives_CVE-2026-45154 Nextcloud is an open source content collaboration platform. From version 2.6.0 to before version 4.3.0, when a previous collective pages was delete...	nextcloud	security-advisories >= 2.6.0, < 4.3.0	Jun 1, 2026	CVE