Recent Advisories

Severity | Score | ID | Vendor | Product (affected versions) | Date | Type

LOW | 2.3 | CVE-2026-45757 | RocketChat | Rocket.Chat >= 8.5.0-rc.0, < 8.5.0 | | CVE
Title: Rocket.Chat: `users.deactivateIdle` deactivates accounts without revoking existing login tokens
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.6, 7.13.8, and 7...

LOW | 1.7 | CVE-2026-49246 | jellyfin | jellyfin < 10.11.10 | | CVE
Title: Jellyfin: Potential MKV attachment filename path traversal to RCE
Jellyfin is an open-source, self-hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leve...

LOW | 2.1 | CVE-2026-54906 | ruby-concurrency | concurrent-ruby < 1.3.7 | | CVE
Title: concurrent-ruby: ReadWriteLock allows wrong-thread write release and stray read-release counter corruption
concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReadWriteLock#release_write_lock does not verify that the calli...

LOW | 2 | CVE-2026-54905 | ruby-concurrency | concurrent-ruby < 1.3.7 | | CVE
Title: concurrent-ruby: `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity
concurrent-ruby is a set of modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after...

LOW | 3.7 | CVE-2026-57288 | Jenkins Project | Jenkins Active Directory Plugin | | CVE
Title: CVE-2026-57288
Jenkins Active Directory Plugin 2.41.1 and earlier does not escape the user name before building the LDAP search filter in the Windows native (ADSI...

LOW | 2.7 | CVE-2026-10753 | Unknown | Site Kit by Google | | CVE
Title: Site Kit by Google < 1.176.0 - Editor+ Email Reporting Settings Update
The Site Kit by Google WordPress plugin before 1.176.0 does not properly restrict a REST API write endpoint to administrators, allowing lower-priv...

LOW | 1.1 | CVE-2026-13140 | Thinkst Applied Research | Canarytokens sha-4116b92cb | | CVE
Title: Stored Cross-Site Scripting in Canarytokens.org
Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledg...

LOW | 2.3 | CVE-2026-46554 | nocodb | nocodb < 2026.04.4 | | CVE
Title: NocoDB: Stale Auth Cache After API Token Deletion
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.4, deleted API tokens continued to authenticate requests until their ca...

LOW | 2.1 | CVE-2026-46553 | nocodb | nocodb < 2026.04.1 | | CVE
Title: NocoDB: Attachment Size Limit Bypass via Upload-by-URL
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the upload-by-URL path did not enforce NC_ATTACHMENT_FIELD_SIZE agai...

LOW | 2 | CVE-2026-46549 | nocodb | nocodb < 2026.04.1 | | CVE
Title: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_reso...