category_cve - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
CRITICAL 9.1	CVE-2026-50083	Aqara hardcoded OAuth client credentials_CVE-2026-50083 The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Cred...	Aqara	Aquara IAM/SSO Gateway 2026-04-20	Jun 12, 2026	CVE
MEDIUM 6.5	CVE-2026-50082	Aqara Developer Portal insecure authentication token_CVE-2026-50082 The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance ...	Aqara	Cloud Developer Portal 2026-04-20	Jun 12, 2026	CVE
MEDIUM 6.9	CVE-2026-50026	Frappe: Lack of permissions checks in ‘relink’ and ‘set_email_password’ endpoints_CVE-2026-50026 Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed un...	frappe	frappe < 15.107.0	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-50020	Netty’s HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted_CVE-2026-50020 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before ...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-50011	Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length_CVE-2026-50011 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisAr...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-50010	Netty’s wrapping plain trust manager silently disables hostname verification_CVE-2026-50010 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleT...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
MEDIUM 4.8	CVE-2026-50009	Netty QUIC stateless reset token material exposed through header-visible connection IDs_CVE-2026-50009 Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the sta...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-48748	Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion_CVE-2026-48748 Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulner...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-48059	Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion_CVE-2026-48059 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAP...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
MEDIUM 5.3	CVE-2026-48043	netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion_CVE-2026-48043 Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and ...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE