Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 1.8 CVE-2026-0428

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to wri...

AMD AMD Instinct™ MI300A BKC 26 CVE

LOW 1.8 CVE-2025-66660

CVE-2025-66660

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause in...

AMD AMD Radeon™ RX 6000 Series Graphics Products AMD Software: Adrenalin Edition 25.12.1 (25.10.37.01) CVE

LOW 3.1 CVE-2026-8553

CVE-2026-8553

Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out...

Google Chrome 148.0.7778.168 CVE

LOW 2.1 CVE-2026-44428

MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-sid...

modelcontextprotocol registry < 1.7.6 CVE

LOW 3.5 CVE-2026-45781

MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips...

modelcontextprotocol registry < 1.7.9 CVE

LOW 3.7 CVE-2026-44589

nuxt-og-image SSRF: bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect)

Nuxt OG Image generates OG Images with Vue templates in Nuxt. The isBlockedUrl() denylist introduced in v6.2.5 to remediate GHSA-pqhr-...

nuxt-modules og-image >= 6.2.5, < 6.4.9 CVE

LOW 3.1 CVE-2026-27680

CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style ...

SAP_SE SAP NetWeaver Application Server ABAP SAP_UI 758 CVE

LOW 2.1 CVE-2026-22706

Strapi: Password Reset Does Not Revoke Existing Refresh Sessions

Strapi is an open source headless content management system. In Strapi versions prior to 5.33.3, changing or resetting a user's password did not in...

strapi strapi < 5.33.3 CVE

LOW 2.5 CVE-2026-44638

libsixel: NULL pointer dereference

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in si...

saitoha libsixel >= 1.0.0, < 1.8.7-r2 CVE

LOW 2.3 CVE-2026-42186

OpenBao’s Namespace Deletion May Not Delete Data Properly

OpenBao is an open source identity-based secrets management system. Prior to 2.5.3, when OpenBao's initial namespace deletion fails, subsequent ret...

openbao openbao < 2.5.3 CVE