Recent Advisories

Severity ID Title Vendor Product Date Type
LOW 2 CVE-2026-23739

Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection_CVE-2026-23739

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, the a...

asterisk asterisk < 23.2.2 CVE
LOW 3.5 CVE-2026-23738

The Asterisk embedded web server's /httpstatus page echoes user-supplied values (cookie and query string) without sanitization_CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1, 22.8.2, and 23.2.2, user ...

asterisk asterisk < 23.2.2 CVE
LOW 1.1 CVE-2026-1337

Insufficient escaping of unicode characters in query log_CVE-2026-1337

Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user op...

neo4j Enterprise Edition CVE
LOW 2.3 CVE-2026-2010

Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization_CVE-2026-2010

A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-p...

Sanluan PublicCMS 4.0.202506.a CVE
LOW 3.7 CVE-2025-68458

webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior_CVE-2025-68458

Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugi...

webpack webpack >= 5.49.0, < 5.104.1 CVE
LOW 3.7 CVE-2025-68157

webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects_CVE-2025-68157

Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugi...

webpack webpack >= 5.49.0, < 5.104.0 CVE
LOW 3.2 CVE-2026-25815

CVE-2026-25815_CVE-2026-25815

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 202...

Fortinet FortiOS CVE
LOW 3.7 CVE-2025-15323

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance._CVE-2025-15323

Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.

Tanium Tanium Appliance 1.8.3.0 CVE
LOW 2.7 CVE-2025-15321

Tanium addressed an improper input validation vulnerability in Tanium Appliance._CVE-2025-15321

Tanium addressed an improper input validation vulnerability in Tanium Appliance.

Tanium Tanium Appliance 1.8.3.0 CVE
LOW 3.1 CVE-2025-15289

Tanium addressed an improper access controls vulnerability in Interact._CVE-2025-15289

Tanium addressed an improper access controls vulnerability in Interact.

Tanium Interact 3.1.0 CVE