Low Severity Threats

Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 contain a vulnerability where configuring RSA encryption with the OAEP algorithm does not actually enable OAEP. Instead, due to an incorrect transformation string in the BouncyCastle library, the OAEP setting falls back to using PKCS#1 v1.5 encryption, which is less secure. This issue is fixed in version 4.2.0.

CVE-2026-12567 is a low-severity vulnerability in Black Lantern Security's BBOT version 2.0.0. The github_workflows module improperly handles user-controlled repository names when constructing local directory paths, failing to validate symbolic links. This allows a local attacker with access to the scan directory to plant a symlink at a predictable output path, causing workflow data to be written to an attacker-chosen location.

CVE-2026-12566 is a server-side request forgery (SSRF) vulnerability in Black Lantern Security's BBOT version 2.0.0. The docker_pull module improperly trusts the realm parameter from a Docker registry's WWW-Authenticate header without validation. An attacker positioned as a man-in-the-middle could manipulate this header to redirect authentication requests to a malicious endpoint, potentially exposing authentication tokens. The vulnerability has a low severity score of 3.1 and no known exploits in the wild. No official patch or remediation guidance is currently available.

CVE-2026-43122 is a rejected vulnerability entry with no available technical details or impact information. There is no CVSS score or remediation guidance provided.

CVE-2026-43423 is a rejected vulnerability entry with no available technical details or description. There is no information on affected versions, impact, or remediation.

CVE-2026-43422 is a rejected vulnerability entry with no available technical details, description, or confirmed impact. There is no information on affected versions, exploitation, or remediation.

CVE-2026-31688 is a vulnerability record that has been rejected by the CVE program. There is no technical description, no CVSS score, no affected versions, and no remediation information available. The CVE entry is marked as rejected, indicating it is not recognized as a valid vulnerability.

CVE-2025-38553 is a vulnerability record that has been rejected by the assigning authority and contains no technical details or impact information.

snes9x 1.63 allows an out-of-bounds write and denial of service via a crafted .ups file.

Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to information disclosure.