LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.7	CVE-2026-42040	Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams_CVE-2026-42040 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchPa...	axios	axios >= 1.0.0, < 1.15.1	Apr 24, 2026	CVE
LOW 2.4	CVE-2026-4313	Stored XSS in AdaptiveGRC_CVE-2026-4313 AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in th...	C&F	AdaptiveGRC 5.420.00	Apr 24, 2026	CVE
LOW 2.1	MS:CVE-2026-5958	Race Condition in GNU Sed_MS:CVE-2026-5958 {“lastseen”:”2026-04-24T07:13:17″,”description”:””,”published”:”2026-04-22T08:01:...	N/A	N/A	Apr 22, 2026	MSCVE
LOW 1.3	CVE-2026-41430	Press vulnerable to reflected XSS on login redirection_CVE-2026-41430 Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect pa...	frappe	press < 16d1b6ca2559f858a1de77bcb03fd7f1b81671c6	Apr 24, 2026	CVE
LOW 2.3	CVE-2026-41358	OpenClaw < 2026.4.2 - Sender Allowlist Bypass via Slack Thread Context_CVE-2026-41358 OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attack...	OpenClaw	OpenClaw	Apr 23, 2026	CVE
LOW 2	CVE-2026-41357	OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends_CVE-2026-41357 OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to...	OpenClaw	OpenClaw	Apr 23, 2026	CVE
LOW 2.3	CVE-2026-41356	OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate_CVE-2026-41356 OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentia...	OpenClaw	OpenClaw	Apr 23, 2026	CVE
LOW 2.3	CVE-2026-41348	OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands_CVE-2026-41348 OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that fail to enforce group...	OpenClaw	OpenClaw	Apr 23, 2026	CVE
LOW 2.3	CVE-2026-41347	OpenClaw < 2026.3.31 - Cross-Site Request Forgery via Missing Browser-Origin Validation in HTTP Operator Endpoints_CVE-2026-41347 OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, allowing cross-site requ...	OpenClaw	OpenClaw	Apr 23, 2026	CVE
LOW 2.3	CVE-2026-41341	OpenClaw < 2026.3.31 - Component Interaction Misclassification in Discord Extension_CVE-2026-41341 OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messag...	OpenClaw	OpenClaw	Apr 23, 2026	CVE