Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 3.9 CVE-2026-34768

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, a...

electron electron < 38.8.6 CVE
LOW 3.3 CVE-2026-34766

Electron: USB device selection not validated against filtered device list

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, a...

electron electron < 38.8.6 CVE
LOW 3.5 CVE-2026-35679

CVE-2026-35679

Zcash zcashd before 6.12.0 allows invalid transactions to be accepted under certain conditions, which potentially could have resulted in the draini...

Zcash zcashd CVE
LOW 3.7 CVE-2026-37977

Keycloak: org.keycloak.protocol.oidc.grants.ciba: keycloak: information disclosure via cors header injection due to unvalidated jwt azp claim

A flaw was found in Keycloak. A remote attacker can exploit a Cross-Origin Resource Sharing (CORS) header injection vulnerability in Keycloak's Use...

Red Hat Red Hat Build of Keycloak CVE
LOW 3.4 CVE-2026-33404

Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6...

pi-hole web >= 6.0, < 6.5 CVE
LOW 3.1 CVE-2026-33405

Pi-hole has a Stored HTML Injection in queries.js

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6...

pi-hole web >= 6.0, < 6.5 CVE
LOW 2.3 CVE-2026-34969

Nhost Leaks the Refresh Token via URL Query Parameter in OAuth Provider Callback

Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh toke...

nhost nhost < 0.48.0 CVE
LOW 2.3 CVE-2026-34764

Electron has a use-after-free in offscreen shared texture release() callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8....

electron electron >= 33.0.0-alpha.1, < 39.8.5 CVE
LOW 2.1 CVE-2026-35200

Parse Server has a file upload Content-Type override via extension mismatch

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.73 and 9.7.1-alpha.4, a file c...

parse-community parse-server >= 9.0.0, < 9.7.1-alpha.4 CVE
LOW 3.7 CVE-2026-35448

WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order dat...

WWBN AVideo <= 26.0 CVE