Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2 CVE-2025-31962

HCL BigFix IVR is impacted by an insufficient session expiration vulnerability_CVE-2025-31962

Insufficient session expiration in the Web UI authentication component in HCL BigFix IVR version 4.2 allows an authenticated attacker to gain prolo...

HCLSoftware BigFix IVR 4.2 CVE
LOW 3.7 CVE-2025-11235

MOVEit Transfer REST API does not require current password in order to initiate the password change process_CVE-2025-11235

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules). This issue affects MOVEit Transfer: from 2023.1....

Progress MOVEit Transfer 2023.1.0 CVE
LOW 3.3 CVE-2026-21674

iccDEV has a Memory Leak in its CIccProfileXml::ParseTag() Error Path_CVE-2026-21674

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnera...

InternationalColorConsortium iccDEV < 2.3.1.1 CVE
LOW 2 CVE-2026-21439

badkeys vulnerable to ASCII control character injection on console via malformed input_CVE-2026-21439

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may injec...

badkeys badkeys < 0.0.16 CVE
LOW 2.7 CVE-2025-69230

AIOHTTP Vulnerable to Cookie Parser Warning Storm_CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can ...

aio-libs aiohttp < 3.13.3 CVE
LOW 2.7 CVE-2025-69225

AIOHTTP Regex Mismatch Allows Unicode in ASCII-Only Protocol Fields_CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASC...

aio-libs aiohttp < 3.13.3 CVE
LOW 3.5 CVE-2025-9543

FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS_CVE-2025-9543

The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privi...

Unknown FlexTable CVE
LOW 2.3 CVE-2025-15454

zhanglun lettura RSS ContentRender.tsx cross site scripting_CVE-2025-15454

A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/Co...

zhanglun lettura 0.1.0 CVE
LOW 2 CVE-2026-21429

Emlog has Broken Access Control (BAC)_CVE-2026-21429

Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their art...

emlog emlog = 2.5.23 CVE
LOW 2 CVE-2026-21431

Emlog vulnerable to stored Cross-site Scripting via image name_CVE-2026-21431

Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library` fu...

emlog emlog = 2.5.23 CVE