Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.5 CVE-2025-20382

URL validation bypass through Views Dashboard in Splunk Enterprise

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2...

Splunk Splunk Enterprise 10.0 CVE
LOW 3.7 CVE-2025-64763

Envoy forwards early CONNECT data in TCP proxy mode

Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, when Envoy is configured in TCP proxy mode...

envoyproxy envoy >= 1.36.0, <= 1.36.2 CVE
LOW 3.4 CVE-2025-20769

CVE-2025-20769

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious ...

MediaTek, Inc. MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793 Android 14.0, 15.0, 16.0 CVE
LOW 3.5 CVE-2025-65858

CVE-2025-65858

A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject malicious JavaScript into the 'username' field ...

n/a n/a n/a CVE
LOW 3.2 CVE-2025-59696

CVE-2025-59696

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper ...

n/a n/a n/a CVE
LOW 2.7 CVE-2025-66409

ESP-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, when AVRCP is enabled o...

espressif esp-idf >= 5.5-beta1, <= 5.5.1 CVE
LOW 3.5 CVE-2025-13640

CVE-2025-13640

Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical ac...

Google Chrome 143.0.7499.41 CVE
LOW 3.1 CVE-2025-13870

Unauthorized access and subscription vulnerability in Boards

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 2.3 CVE-2025-13871

The feature to manage resources is prone to Cross-Site Request Forgery attacks

Cross-Site Request Forgery (CSRF) in the resource-management feature of ObjectPlanet Opinio 7.26 rev12562 allows to upload files on behalf of ...

ObjectPlanet Opinio 7.26 rev12562 CVE
LOW 2.1 CVE-2025-13872

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio

Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio 7.26 rev12562 on Web-based platforms allows an at...

ObjectPlanet Opinio 7.26 rev12562 CVE