HIGH - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
HIGH 8.2	CVE-2026-50087	Aqara IAM/SSO Gateway cross-origin resource sharing_CVE-2026-50087 The Aqara IAM/SSO gateway (gw-builder.aqara.com) exhibits a cross-origin request sharing vulnerability, which is an instance of "CWE-942: Permissiv...	Aqara	Aqara IAM/SSO Gateway 2026-04-20	Jun 12, 2026	CVE
HIGH 8.6	CVE-2026-50085	Aqara Board IoT insecure debug API_CVE-2026-50085 The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authe...	Aqara	Board service 2026-04-20	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-50011	Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length_CVE-2026-50011 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisAr...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-50010	Netty’s wrapping plain trust manager silently disables hostname verification_CVE-2026-50010 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleT...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 7.5	CVE-2026-48748	Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion_CVE-2026-48748 Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulner...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-48059	Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion_CVE-2026-48059 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAP...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-48006	Netty’s Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator_CVE-2026-48006 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the Red...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.7	CVE-2026-47691	Netty has Insufficient Bailiwick Validation for NS Records_CVE-2026-47691 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's...	netty	netty >= 4.2.0.Final, < 4.2.15.Final	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-45832	CVE-2026-45832_CVE-2026-45832 All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers...	Chroma	ChromaDB 0.5.0	Jun 12, 2026	CVE
HIGH 8.8	CVE-2026-45831	CVE-2026-45831_CVE-2026-45831 The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds...	Chroma	ChromaDB 0.5.0	Jun 12, 2026	CVE