Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.7 CVE-2026-22690

pypdf has possible long runtimes for missing /Root object with large /Size values

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with lar...

py-pdf pypdf < 6.6.0 CVE
LOW 3.5 CVE-2026-22602

OpenProject is Vulnerable to User Enumeration via User ID

OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full na...

opf openproject < 16.6.2 CVE
LOW 3.5 CVE-2025-62487

Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files.

Details: On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the...

Palantir com.palantir.acme:gotham-default-apps-bundle 100.30251002.0 CVE
LOW 2.7 CVE-2025-46676

CVE-2025-46676

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release versio...

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release 7.7.1.0 CVE
LOW 2.3 CVE-2025-46643

CVE-2025-46643

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.4.0.0, LTS2025 release versio...

Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) Feature Release 7.7.1.0 CVE
LOW 3.5 CVE-2025-3950

Exposure of Private Personal Information to an Unauthorized Actor in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that coul...

GitLab GitLab 10.3 CVE
LOW 2.1 CVE-2026-20975

CVE-2026-20975

Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary ...

Samsung Mobile Samsung Cloud 5.6.11 CVE
LOW 2.3 CVE-2026-20969

CVE-2026-20969

Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interacti...

Samsung Mobile Samsung Mobile Devices SMR Jan-2026 Release in Selected Android 13, 14, 15, 16 devices CVE
LOW 2.3 CVE-2026-22710

Stored XSS through autocomment system messages in Wikibase

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - W...

The Wikimedia Foundation Mediawiki - Wikibase Extension 1.45 CVE
LOW 2.3 CVE-2026-22714

i18n XSS, DoS and config SQLI in Monaco

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - M...

The Wikimedia Foundation Mediawiki - Monaco Skin 1.45 CVE