Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.1 CVE-2025-40803

CVE-2025-40803

A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions). The affected device exposes certain non-critical informat...

Siemens RUGGEDCOM RST2428P CVE
LOW 3.1 CVE-2025-42914

Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to ...

SAP_SE SAP HCM (My Timesheet Fiori 2.0 application) GBX01HR5 605 CVE
LOW 3.1 CVE-2025-42913

Missing Authorization check in SAP HCM (My Timesheet Fiori 2.0 application)

Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to ...

SAP_SE SAP HCM (My Timesheet Fiori 2.0 application) GBX01HR5 605 CVE
LOW 3.4 CVE-2025-42927

Information Disclosure due to Outdated OpenSSL Version in SAP NetWeaver AS Java (Adobe Document Service)

SAP NetWeaver AS Java application uses Adobe Document Service, installed with a vulnerable version of OpenSSL. Successful exploitation of known vuln...

SAP_SE SAP NetWeaver AS Java (Adobe Document Service) ADSSAP 7.50 CVE
LOW 2.1 CVE-2025-43774

CVE-2025-43774

A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.132 and Liferay DXP 2025.Q1.0 through 2025.Q1.17 allows a remote ...

Liferay Portal 7.4.3.132 CVE
LOW 2.1 CVE-2025-58452

WeGIA vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint ‘listar_despachos.php’ parameter ‘id_memorando’

WeGIA is a Web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_despachos.php...

LabRedesCefetRJ WeGIA < 3.4.11 CVE
LOW 2.3 CVE-2025-58751

Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the ...

vitejs vite < 5.4.20 CVE
LOW 2.3 CVE-2025-58752

Vite’s `server.fs` settings were not applied to HTML files

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served r...

vitejs vite < 5.4.20 CVE
LOW 1.7 CVE-2025-57815

Fides Lacks Brute-Force Protections on Authentication Endpoints

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the Fides Admin UI login endpoint relies on a general IP-based rate ...

ethyca fides < 2.69.1 CVE
LOW 1.7 CVE-2025-57766

Fides’s Admin UI User Password Change Does Not Invalidate Current Session

Fides is an open-source privacy engineering platform. Prior to version 2.69.1, admin UI user password changes in Fides do not invalidate active use...

ethyca fides < 2.69.1 CVE