Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2.3 CVE-2025-14547

ECJ-PAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs_CVE-2025-14547

An integer underflow vulnerability is present in Silicon Labs’ implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Trigge...

silabs.com Simplicity SDK CVE
LOW 2.4 CVE-2025-14055

Integer underflow in Secure NCP host_CVE-2025-14055

An integer underflow vulnerability in Silicon Labs Secure NCP host implementation allows a buffer overread via a specially crafted packet.

silabs.com Simplicity SDK CVE
LOW 2.3 CVE-2026-21620

TFTP Path Traversal_CVE-2026-21620

Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (t...

erlang otp 17.0 CVE
LOW 2.3 CVE-2026-27017

uTLS has a Chrome Parrot Fingerprint Vulnerability due to GREASE ECH Cipher Suite Mismatch_CVE-2026-27017

uTLS is a fork of crypto/tls, created to customize ClientHello for fingerprinting resistance while still using it for the handshake. Versions 1.6.0...

refraction-networking utls >= 1.6.0, < 1.8.1 CVE
LOW 2.7 CVE-2026-26964

Windmill Exposes Workspace Slack OAuth Client Secrets to Non-Admin Workspace Members_CVE-2026-26964

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-ad...

windmill-labs windmill < 1.635.0 CVE
LOW 3.7 CVE-2026-24122

Cosign Certificate Chain Expiry Validation Issue Allows Issuing Certificate Expiry to Be Overlooked_CVE-2026-24122

Cosign provides code signing and transparency for containers and binaries. In versions 3.0.4 and below, an issuing certificate with a validity that...

sigstore cosign < 3.0.5 CVE
LOW 1.7 CVE-2026-26958

filippo.io/edwards25519 MultiScalarMult function produces invalid results or undefined behavior if receiver is not the identity_CVE-2026-26958

filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1...

FiloSottile filippo.io/edwards25519 < 1.1.1 CVE
LOW 3.8 CVE-2026-25423

WordPress Real 3D FlipBook plugin <= 4.16.4 - Broken Access Control vulnerability_CVE-2026-25423

Missing Authorization vulnerability in creativeinteractivemedia Real 3D FlipBook real3d-flipbook-lite allows Exploiting Incorrectly Configured Acce...

creativeinteractivemedia Real 3D FlipBook n/a CVE
LOW 2.1 CVE-2026-26059

ChurchCRM has Stored Cross-Site Scripting (XSS) in GroupEditor.php_CVE-2026-26059

ChurchCRM is an open-source church management system. In versions prior to 6.8.2, it was possible for an authenticated user with permission to edit...

ChurchCRM CRM < 6.8.1 CVE
LOW 2.1 CVE-2026-26345

SPIP < 4.4.8 Cross-Site Scripting in Public Area_CVE-2026-26345

SPIP before 4.4.8 allows Cross-Site Scripting (XSS) in the public area for certain edge-case usage patterns. The echapper_html_suspect() function d...

SPIP SPIP 4.4.0 CVE