Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.5 CVE-2025-10867

Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could ...

GitLab GitLab 18.1 CVE
LOW 3.5 CVE-2025-10868

Business Logic Errors in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certa...

GitLab GitLab 17.4 CVE
LOW 3.5 CVE-2025-5069

Incorrect Ownership Assignment in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could...

GitLab GitLab 17.10 CVE
LOW 3.7 CVE-2025-1396

Username Enumeration in Multiple WSO2 Products with Multi-Attribute Login Enabled

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system retu...

WSO2 WSO2 Identity Server CVE
LOW 2.7 CVE-2025-10173

ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.3 - Insufficient Authorization to Authenticated (Editor+) Settings Update

The ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution plugin for WordPress is vulnerable to unauthorized access due ...

roxnor ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution * CVE
LOW 2.3 CVE-2025-10977

JeecgBoot deleteBatch improper authorization

A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of t...

n/a JeecgBoot 3.8.0 CVE
LOW 2.3 CVE-2025-10976

JeecgBoot getDepartUserList improper authorization

A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing m...

n/a JeecgBoot 3.8.0 CVE
LOW 3.7 CVE-2025-60019

Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based()

glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentia...

N/A N/A 2.60 CVE
LOW 3.3 CVE-2025-36857

Rapid7 Appspider Broken Access Control Vulnerability

Rapid7 Appspider Pro versions below 7.5.021 suffer from a broken access control vulnerability in the application's configuration file loading mech...

Rapid7 Appspider Pro CVE
LOW 2.4 CVE-2025-59838

Monkeytype Vulnerable to Self-XSS on loading saved custom text

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved cust...

monkeytypegame monkeytype < f025b121cbe437e29de432b4aa72e0de22c755b7 CVE