Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 8.6 CVE-2026-50085

Aqara Board IoT insecure debug API

The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platform's HiveMQ broker without authe...

Aqara Board service 2026-04-20 CVE
CRITICAL 9.6 CVE-2026-50084

Aqara API cross-account access

The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an in...

Aqara Cloud Production API 2026-04-20 CVE
CRITICAL 9.1 CVE-2026-50083

Aqara hardcoded OAuth client credentials

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Cred...

Aqara Aquara IAM/SSO Gateway 2026-04-20 CVE
MEDIUM 6.5 CVE-2026-50082

Aqara Developer Portal insecure authentication token

The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance ...

Aqara Cloud Developer Portal 2026-04-20 CVE
MEDIUM 6.9 CVE-2026-50026

Frappe: Lack of permissions checks in ‘relink’ and ‘set_email_password’ endpoints

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed un...

frappe frappe < 15.107.0 CVE
MEDIUM 5.3 CVE-2026-50020

Netty’s HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-50011

Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisAr...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-50010

Netty’s wrapping plain trust manager silently disables hostname verification

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleT...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 4.8 CVE-2026-50009

Netty QUIC stateless reset token material exposed through header-visible connection IDs

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the sta...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
HIGH 7.5 CVE-2026-48748

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulner...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE