Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.7 CVE-2026-44572

Next.js: Middleware / Proxy redirects can be cache-poisoned

Next.js is a React framework for building full-stack web applications. From 12.2.0 to before 15.5.16 and 16.2.5, an external client could send a x-...

vercel next.js >= 12.2.0, < 15.5.16 CVE
LOW 3.7 CVE-2026-44582

Next.js: Cache poisoning via collisions in React Server Component cache-busting

Next.js is a React framework for building full-stack web applications. From 13.4.6 to before 15.5.16 and 16.2.5, React Server Component responses c...

vercel next.js >= 13.4.6, < 15.5.16 CVE
LOW 2.9 CVE-2026-45028

Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island prop...

withastro astro < 6.1.10 CVE
LOW 3.8 CVE-2026-44459

Hono: Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify()

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate ...

honojs hono < 4.12.18 CVE
LOW 2.3 CVE-2026-42158

Flowsint: Broken Access Control allows modification of investigation metadata from any user

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a...

reconurge flowsint < 1.2.3 CVE
LOW 3.3 CVE-2026-28957

CVE-2026-28957

An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iP...

Apple iOS and iPadOS CVE
LOW 3.3 CVE-2026-28910

CVE-2026-28910

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitra...

Apple macOS CVE
LOW 3.7 CVE-2026-44242

Micronaut Framework: Unbounded bundleCache in ResourceBundleMessageSource Allows Memory Exhaustion via Accept-Language Header

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the...

micronaut-projects micronaut-core < 4.10.22 CVE
LOW 3.3 CVE-2026-42445

NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesy...

M2Team NanaZip >= 5.0.1250.0, < 6.0.1698.0 CVE
LOW 3.3 CVE-2026-42444

NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem i...

M2Team NanaZip >= 5.0.1250.0, < 6.0.1698.0 CVE