LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.9	CVE-2025-59427	Cloudflare vite plugin exposes secrets over the built-in dev server_CVE-2025-59427 The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in i...	cloudflare	workers-sdk < 1.6.0	Sep 19, 2025	CVE
LOW 3.7	CVE-2025-59691	CVE-2025-59691_CVE-2025-59691 PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi rec...	PureVPN	PureVPN CLI 2.0.1	Sep 18, 2025	CVE
LOW 3.7	CVE-2025-59692	CVE-2025-59692_CVE-2025-59692 PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply defaul...	PureVPN	PureVPN CLI 2.0.1	Sep 18, 2025	CVE
LOW 2.7	CVE-2025-59421	Press vulnerable to email flooding to users due to lack of validation and rate limits_CVE-2025-59421 Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor...	frappe	press < 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615	Sep 18, 2025	CVE
LOW 3.7	CVE-2025-30187	Denial of service via crafted DoH exchange in PowerDNS DNSdist_CVE-2025-30187 In some circumstances, when DNSdist is configured to use the nghttp2 library to process incoming DNS over HTTPS queries, an attacker might be able ...	PowerDNS	DNSdist 1.9.0	Sep 18, 2025	CVE
LOW 2.7	CVE-2025-59347	Dragonfly Manager makes requests to external endpoints with disabled TLS authentication_CVE-2025-59347 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, The Manager disables TLS certificate verific...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 2	CVE-2025-59349	Directories created via os.MkdirAll are not checked for permissions_CVE-2025-59349 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to ...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 2.7	CVE-2025-59350	Timing attacks against Proxy’s basic authentication are possible_CVE-2025-59350 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy f...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 2.7	CVE-2025-59351	Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error_CVE-2025-59351 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dere...	dragonflyoss	dragonfly < 2.1.0	Sep 17, 2025	CVE
LOW 3.1	CVE-2025-59414	Nuxt Client-Side Path Traversal in Nuxt Island Payload Revival_CVE-2025-59414 Nuxt is an open-source web development framework for Vue.js. Prior to 3.19.0 and 4.1.0, A client-side path traversal vulnerability in Nuxt's Island...	nuxt	nuxt >= 3.6.0 < 3.19.0	Sep 17, 2025	CVE