LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 3.7	CVE-2026-33490	h3: Missing Path Segment Boundary Check in `mount()` Causes Middleware Execution on Unrelated Prefix-Matching Routes_CVE-2026-33490 H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h3 uses a simple `startsWith()` check to determi...	h3js	h3 >= 2.0.1-alpha.0, < 2.0.1-rc.17	Mar 26, 2026	CVE
LOW 3.3	CVE-2026-33529	Zoraxy: Authenticated Path Traversal in Config Import leads to RCE_CVE-2026-33529 Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the co...	tobychui	zoraxy < 3.3.2	Mar 26, 2026	CVE
LOW 0.5	CVE-2026-33525	Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting_CVE-2026-33525 Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for applications vi...	authelia	authelia = 4.39.15	Mar 26, 2026	CVE
LOW 2.3	CVE-2026-33644	Lychee has SSRF bypass via DNS rebinding — PhotoUrlRule only validates IP addresses, not hostnames resolving to internal IPs_CVE-2026-33644 Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the SSRF protection in `PhotoUrlRule.php` can be bypassed using DNS re...	LycheeOrg	Lychee < 7.5.2	Mar 26, 2026	CVE
LOW 3.3	CVE-2026-2271	Gimp: gimp: denial of service via crafted psp image file_CVE-2026-2271 A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_...	Red Hat	Red Hat Enterprise Linux 6	Mar 26, 2026	CVE
LOW 2.8	CVE-2026-2239	Gimp: gimp: application crash (dos) via crafted psd file due to heap-buffer-overflow_CVE-2026-2239 A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Ph...	Red Hat	Red Hat Enterprise Linux 7	Mar 26, 2026	CVE
LOW 3.1	CVE-2026-0968	Libssh: libssh: denial of service due to malformed sftp message_CVE-2026-0968 A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field w...	Red Hat	Red Hat Enterprise Linux 10	Mar 26, 2026	CVE
LOW 2.2	CVE-2026-0967	Libssh: libssh: denial of service via inefficient regular expression processing_CVE-2026-0967 A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that ...	Red Hat	Red Hat Enterprise Linux 10	Mar 26, 2026	CVE
LOW 3.3	CVE-2026-0965	Libssh: libssh: denial of service via improper configuration file handling_CVE-2026-0965 A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providin...	Red Hat	Red Hat Enterprise Linux 10	Mar 26, 2026	CVE
LOW 2.3	CVE-2026-33658	Rails Active Storage has a possible DoS vulnerability in proxy mode via multi-range requests_CVE-2026-33658 Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1 Active Storage's...	rails	activestorage >= 8.1.0, < 8.1.2.1	Mar 26, 2026	CVE