HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.6	CVE-2026-50085	Aqara Board IoT insecure debug API_CVE-2026-50085 The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authe...	Aqara	Board service 2026-04-20	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-50011	Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length_CVE-2026-50011 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisAr...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-50010	Netty’s wrapping plain trust manager silently disables hostname verification_CVE-2026-50010 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleT...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-48748	Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion_CVE-2026-48748 Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulner...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-48059	Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion_CVE-2026-48059 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAP...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-48006	Netty’s Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator_CVE-2026-48006 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the Red...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-47691	Netty has Insufficient Bailiwick Validation for NS Records_CVE-2026-47691 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-45832	CVE-2026-45832_CVE-2026-45832 All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers...	Chroma	ChromaDB 0.5.0	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-45831	CVE-2026-45831_CVE-2026-45831 The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds...	Chroma	ChromaDB 0.5.0	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-45830	CVE-2026-45830_CVE-2026-45830 A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, wr...	Chroma	ChromaDB 0.4.17	Jun 12, 2026	CVE