Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.7 CVE-2026-24140

MyTube has Mass Assignment via Settings Management

MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the set...

franklioxygen MyTube < 1.7.79 CVE
LOW 3.7 CVE-2026-0633

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor <= 4.1.0 - Unauthenticated Form Submission Exposure via Forgeable Cookie Value

The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure ...

roxnor MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor * CVE
LOW 2.4 CVE-2025-68132

EVerest has out-of-bounds read in DZG_GSH01 SLIP CRC parser that can crash powermeter driver

EVerest is an EV charging software stack. Prior to version 2025.12.0, `is_message_crc_correct` in the DZG_GSH01 powermeter SLIP parser reads `vec[v...

EVerest everest-core < 2025.12.0 CVE
LOW 3.7 CVE-2026-23996

FastAPI Api Key has a timing side-channel in verify_key that allows statistical key validity detection

FastAPI Api Key provides a backend-agnostic library that provides an API key system. Version 1.1.0 has a timing side-channel vulnerability in verif...

Athroniaeth fastapi-api-key < 1.1.0 CVE
LOW 3.5 CVE-2026-24048

Backstage has a Possible SSRF when reading from allowed URL’s in `backend.reading.allow`

Backstage is an open framework for building developer portals, and @backstage/backend-defaults provides the default implementations and setup for a...

backstage backstage < 0.12.2 CVE
LOW 2.7 CVE-2026-24001

jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, and 4.0.4, attempting to parse a patch whose filename head...

kpdecker jsdiff >= 6.0.0, < 8.0.3 CVE
LOW 1.8 CVE-2026-1225

Malicious logback.xml configuration file allows instantiation of arbitrary classes

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attac...

QOS.CH Sarl Logback-core 0.9.20 CVE
LOW 1.3 CVE-2025-12738

Enumeration of restricted property value

Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some l...

neo4j Enterprise Edition CVE
LOW 3.5 CVE-2026-22281

CVE-2026-22281

Dell PowerScale OneFS, versions 9.5.0.0 through 9.5.1.5, versions 9.6.0.0 through 9.7.1.10, versions 9.8.0.0 through 9.10.1.3, versions starting fr...

Dell PowerScale OneFS N/A CVE
LOW 3.5 CVE-2026-0798

Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from publi...

Gitea Gitea Open Source Git Server CVE