Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 6.9 CVE-2026-50244

Naxclow IoT Platform Missing Authorization_CVE-2026-50244

The Naxclow platform exposes a registration endpoint that accepts signed requests containing a batch prefix and an arbitrary caller-supplied accoun...

Naxclow Smart Doorbell X3 All CVE
HIGH 8.7 CVE-2026-50108

Naxclow IoT Platform Missing Authorization_CVE-2026-50108

The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the...

Naxclow Smart Doorbell X3 All CVE
CRITICAL 9.2 CVE-2026-50101

Naxclow IoT Platform Not using password aging_CVE-2026-50101

Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credent...

Naxclow Smart Doorbell X3 All CVE
MEDIUM 5.1 CVE-2026-50099

Naxclow IoT Platform Insertion of sensitive information into Externally-Accessible file or directory_CVE-2026-50099

During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART conso...

Naxclow Smart Doorbell X3 All CVE
MEDIUM 6.9 CVE-2026-50008

Parse Server: Server option routeAllowList is bypassable through batch sub-requests_CVE-2026-50008

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.8.0 to before version 9.9.1-...

parse-community parse-server >= 9.8.0, < 9.9.1-alpha.3 CVE
MEDIUM 6.9 CVE-2026-47248

Parse Server: GraphQL “Did you mean” validation suggestions disclose schema to unauthenticated callers_CVE-2026-47248

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2,...

parse-community parse-server < 8.6.78 CVE
MEDIUM 4.3 CVE-2026-47236

Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission_CVE-2026-47236

Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines explicit invitations:view and members:view permissions...

solidtime-io solidtime < 0.12.2 CVE
HIGH 8.7 CVE-2026-47138

Parse Server: Pre-authentication denial of service via client version header regex backtracking_CVE-2026-47138

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1,...

parse-community parse-server < 8.6.77 CVE
HIGH 8.7 CVE-2026-42947

Naxclow IoT Platform Authorization bypass through User-Controlled key_CVE-2026-42947

A flaw in the Naxclow platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an ar...

Naxclow Smart Doorbell X3 All CVE
MEDIUM 6.9 CVE-2026-42932

Naxclow IoT Platform Generation of Predictable Numbers or Identifiers_CVE-2026-42932

Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identif...

Naxclow Smart Doorbell X3 All CVE