Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.3 CVE-2026-28910

CVE-2026-28910

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitra...

Apple macOS CVE
LOW 3.7 CVE-2026-44242

Micronaut Framework: Unbounded bundleCache in ResourceBundleMessageSource Allows Memory Exhaustion via Accept-Language Header

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the...

micronaut-projects micronaut-core < 4.10.22 CVE
LOW 3.3 CVE-2026-42445

NanaZip: Uncontrolled recursion in NanaZip UFS directory traversal causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesy...

M2Team NanaZip >= 5.0.1250.0, < 6.0.1698.0 CVE
LOW 3.3 CVE-2026-42444

NanaZip: Unbounded resource consumption in NanaZip littlefs parser via attacker-controlled BlockCount

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem i...

M2Team NanaZip >= 5.0.1250.0, < 6.0.1698.0 CVE
LOW 3.3 CVE-2026-42443

NanaZip: Integer divide-by-zero in NanaZip UFS inode offset calculation

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image par...

M2Team NanaZip >= 5.0.1250.0, < 6.0.1698.0 CVE
LOW 3.3 CVE-2026-42442

NanaZip: Null-pointer dereference in NanaZip UFS parser when root inode is a symlink

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image pa...

M2Team NanaZip >= 5.0.1250.0, < 6.0.1698.0 CVE
LOW 3.3 CVE-2026-42355

NanaZip: Uncontrolled recursion in NanaZip Electron ASAR parser causes stack exhaustion

NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archiv...

M2Team NanaZip >= 5.0.1250.0, < 6.0.1698.0 CVE
LOW 3.2 CVE-2026-44220

ciguard: discover_pipeline_files follows symlinks out of scan root

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1, the discover_pipeline_files() function in src/ciguard/discovery.py ...

Jo-Jo98 ciguard >= 0.8.0, < 0.8.2 CVE
LOW 3.7 CVE-2026-44219

ciguard: SCA HTTP client reads response body without size cap

ciguard is a static security auditor for CI/CD pipelines. From 0.6.0 to 0.8.1, both SCA HTTP clients (src/ciguard/analyzer/sca/osv.py and src/cigua...

Jo-Jo98 ciguard >= 0.6.0, < 0.8.2 CVE
LOW 3 CVE-2026-44218

ciguard: Container image runs as root (no USER directive)

ciguard is a static security auditor for CI/CD pipelines. From 0.1.0 to 0.8.1, the published ghcr.io/jo-jo98/ciguard container image inherits the d...

Jo-Jo98 ciguard >= 0.1.0, < 0.8.2 CVE