Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.1 CVE-2026-28526

BlueKitchen BTstack < 1.8.1 AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_* Handlers OOB Read

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LIST_PLAYER_APPLICATION_SETTING_ATT...

BlueKitchen GmbH BTstack CVE
LOW 3.8 CVE-2025-66215

OpenSC: Stack-buffer-overflow WRITE in card-oberthur

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time use...

OpenSC OpenSC < 0.27.0 CVE
LOW 3.9 CVE-2025-66038

OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, sc_compacttlv_find_tag searches a compact-TLV buffer for a given...

OpenSC OpenSC < 0.27.0 CVE
LOW 3.9 CVE-2025-66037

OpenSC: Out of Bounds vulnerability

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzz_pkcs15_reader harness causes...

OpenSC OpenSC < 0.27.0 CVE
LOW 3.8 CVE-2025-49010

OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time use...

OpenSC OpenSC < 0.27.0 CVE
LOW 3.3 CVE-2026-21716

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission check...

nodejs node 20.20.1 CVE
LOW 3.3 CVE-2026-21715

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all ...

nodejs node 20.20.1 CVE
LOW 3.1 CVE-2026-32696

NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication)...

nanomq nanomq >= 0.24.6, < 0.24.7 CVE
LOW 3.6 CVE-2026-5115

Session hijacking in PaperCut NG/MF embedded application for Konica Minolta devices

The PaperCut NG/MF (specifically, the embedded application for Konica Minolta devices) is vulnerable to session hijacking. The PaperCut NG/MF Embed...

PaperCut PaperCut NG/MF CVE
LOW 2.1 CVE-2026-4794

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF

Multiple cross-site scripting (XSS) vulnerabilities in PaperCut NG/MF before 25.0.10 allow authenticated administrator users to inject arbitrary we...

PaperCut PaperCut NG/MF CVE