Recent Advisories

| Severity | Score | ID | Title | Description | Vendor | Product | Date | Type |
|---|---|---|---|---|---|---|---|---|
| LOW | 3.7 | CVE-2026-42874 | Microdot: HTTP response splitting in Response.set_cookie() | Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.set_cookie() method does not sanitize its string arguments, and in pa... | miguelgrinberg | microdot < 2.6.1 | | CVE |
| LOW | 2.3 | CVE-2026-5266 | CVE-2026-5266 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with prog... | Wikimedia Foundation | Echo * | | CVE |
| LOW | 2.3 | CVE-2026-45000 | OpenClaw < 2026.4.20 - Server-Side Request Forgery via Browser CDP Profile Creation | OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy c... | OpenClaw | OpenClaw | | CVE |
| LOW | 2.3 | CVE-2026-44998 | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools | OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions... | OpenClaw | OpenClaw | | CVE |
| LOW | 2.3 | CVE-2026-44997 | OpenClaw < 2026.4.22 - Security Envelope Constraint Bypass in ACP Child Sessions | OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions th... | OpenClaw | OpenClaw | | CVE |
| LOW | 2.3 | CVE-2026-44993 | OpenClaw < 2026.4.20 - Direct Message Misclassification in Feishu Card Actions | OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as gro... | OpenClaw | OpenClaw | | CVE |
| LOW | 2.3 | CVE-2026-44991 | OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders | OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced... | OpenClaw | OpenClaw | | CVE |
| LOW | 2.4 | CVE-2026-44658 | Zen Browser: RSS Live-Folder Item URLs Are Not Scheme-Restricted Before Trusted Tab Creation | Zen is a Firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item... | zen-browser | desktop < 1.19.12b | | CVE |
| LOW | 2 | CVE-2026-34094 | Customized help link for page protection indicator is relative to subpage name, because the link target is missing the "/wiki/" prefix | Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Page/Article.Php. This issue aff... | Wikimedia Foundation | MediaWiki * | | CVE |
| LOW | 1.1 | CVE-2026-34093 | Special:UserRights allows viewing user rights from private wiki | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with... | Wikimedia Foundation | MediaWiki * | | CVE |