Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.1 CVE-2026-7259

Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguru...

PHP Group PHP 8.2.* CVE
LOW 2.2 CVE-2026-45182

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayloa...

GrapheneOS GrapheneOS CVE
LOW 2.3 CVE-2026-42245

net-imap: Quadratic complexity when reading response literals

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::...

ruby net-imap < 0.4.24 CVE
LOW 2.3 CVE-2026-42183

Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go)

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before versi...

argoproj argo-workflows >= 4.0.0, < 4.0.5 CVE
LOW 3.8 CVE-2026-44987

SysReptor: Privilege Escalation from User Admin to Superuser

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email ad...

Syslifters sysreptor < 2026.29 CVE
LOW 2.3 CVE-2026-44286

FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation

FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows atta...

labring FastGPT < 4.14.17 CVE
LOW 3.4 CVE-2026-42195

Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter t...

jgraph drawio < 29.7.9 CVE
LOW 2.3 CVE-2026-42794

Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug

Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scrip...

absinthe-graphql absinthe_plug 1.2.0 CVE
LOW 2.3 CVE-2026-41889

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a doll...

jackc pgx < 5.9.2 CVE
LOW 3.3 CVE-2026-32803

CVE-2026-32803

Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains a...

Dell PowerScale OneFS CVE