Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2025-63396

CVE-2025-63396

An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang du...

n/a n/a n/a CVE
LOW 3.1 CVE-2025-12817

PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege

Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS use...

n/a PostgreSQL 18 CVE
LOW 3.1 CVE-2025-11777

Cross-team channel membership access

Mattermost versions 10.11.x

Mattermost Mattermost 10.11.0 CVE
LOW 3.3 CVE-2025-46370

CVE-2025-46370

Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with loca...

Dell Alienware Command Center 6.x (AWCC) N/A CVE
LOW 2.7 CVE-2025-64745

Astro development server error page vulnerable to reflected Cross-site Scripting

Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Ast...

withastro astro >= 5.2.0, < 5.15.6 CVE
LOW 3.5 CVE-2025-64744

OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails

OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML i...

openobserve openobserve <= 0.16.1 CVE
LOW 2.7 CVE-2025-64754

Jitsi Meet has DOM Redirect on Microsoft OAuth Flow

Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the ...

jitsi jitsi-meet < 2.0.10532 CVE
LOW 1.2 CVE-2025-64707

Frappe LMS revoking access did not show immediate effect as roles were cached

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, when admins r...

frappe lms >= 2.0.0, < 2.41.0 CVE
LOW 1.3 CVE-2025-64705

Frappe user was able to access the submission of other students

Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were ab...

frappe lms >= 2.0.0, < 2.41.0 CVE
LOW 3.9 CVE-2025-64711

PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users

PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging...

PrivateBin PrivateBin >= 1.7.7, < 2.0.3 CVE