Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7.5 CVE-2026-44894

Netty’s Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the appl...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-44893

Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length

Netty is a network application framework for development of protocol servers and clients. In netty-codec-haproxy prior to versions 4.1.135.Final an...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 8.8 CVE-2026-8828

CVE-2026-8828

A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write...

Chroma ChromaDB 1.0.0 CVE
HIGH 8.2 CVE-2026-50088

Aqara Developer Portal cross-origin resource sharing

The Aqara Developer Portal (developer.aqara.com) and shared test environments (developer-test.aqara.com, aiot-test.aqara.com) exhibit cross-origin ...

Aqara Aqara Developer Portal 2026-04-20 CVE
HIGH 8.2 CVE-2026-50087

Aqara IAM/SSO Gateway cross-origin resource sharing

The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissiv...

Aqara Aqara IAM/SSO Gateway 2026-04-20 CVE
HIGH 8.6 CVE-2026-50085

Aqara Board IoT insecure debug API

The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platform's HiveMQ broker without authe...

Aqara Board service 2026-04-20 CVE
HIGH 7.5 CVE-2026-50011

Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisAr...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-50010

Netty’s wrapping plain trust manager silently disables hostname verification

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleT...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-48748

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulner...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 8.7 CVE-2026-48059

Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAP...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE