Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2 CVE-2026-33674

PrestaShop: Improper Use of Validation Framework

PrestaShop is an open source e-commerce web application. Versions prior to 8.2.5 and 9.1.0 improperly use the validation framework. Versions 8.2.5 ...

PrestaShop PrestaShop < 8.2.5 CVE
LOW 3.1 CVE-2026-29071

Open WebUI’s Insecure Direct Object Reference (IDOR) allows access to other users’ memories

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user c...

open-webui open-webui < 0.8.6 CVE
LOW 3.7 CVE-2026-27860

CVE-2026-27860

If auth_username_chars is empty, it is possible to inject an arbitrary LDAP filter into Dovecot's LDAP authentication. This leads to potentially bypassi...

Open-Xchange GmbH OX Dovecot Pro CVE
LOW 1.2 CVE-2026-33284

GlobaLeaks has insufficient URL validation in user support API

GlobaLeaks is free and open-source whistleblowing software. Prior to version 5.0.89, the /api/support endpoint of GlobaLeaks performs minimal valid...

globaleaks globaleaks-whistleblowing-software < 5.0.89 CVE
LOW 2.3 CVE-2026-4958

OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgent...

OpenBMB XAgent 1.0.0 CVE
LOW 2.7 CVE-2026-33879

FLIP doesn’t have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI mode...

londonaicentre FLIP <= 0.1.1 CVE
LOW 2.1 CVE-2025-7741

CVE-2025-7741

A hardcoded password vulnerability has been found in CENTUM. Affected products contain a hardcoded password for the user account (PROG) used for CEN...

Yokogawa Electric Corporation CENTUM VP R5.01.00 CVE
LOW 2.3 CVE-2026-5107

FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control

A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the comp...

FRRouting FRR 10.5.0 CVE
LOW 2.1 CVE-2026-28528

BlueKitchen BTstack < 1.8.1 AVRCP Browsing Target GET_FOLDER_ITEMS Handler OOB Read / Undefined Behavior

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Browsing Target GET_FOLDER_ITEMS handler that ...

BlueKitchen GmbH BTstack CVE
LOW 2.1 CVE-2026-28527

BlueKitchen BTstack < 1.8.1 AVRCP Controller GET_PLAYER_APPLICATION_SETTING_*_TEXT Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller GET_PLAYER_APPLICATION_SETTING_ATTR...

BlueKitchen GmbH BTstack CVE