Recent Advisories

Severity ID Title Vendor Product Date Type
MEDIUM 4 CVE-2026-45536

Netty: Unix-socket fd receive leaks descriptors when peer sends two at once_CVE-2026-45536

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, netty_u...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 6.9 CVE-2026-44205

Frappe: Stored Cross-Site Scripting (XSS) in User Profile through Image Upload_CVE-2026-44205

Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an...

frappe frappe < 15.106.0 CVE
MEDIUM 6.9 CVE-2026-41581

Frappe Vulnerable to Possible SQL Injection via get_blog_list_CVE-2026-41581

Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This...

frappe frappe < 15.106.0 CVE
MEDIUM 6.5 CVE-2026-5792

Authentication Bypass in Related Digital’s Related Marketing Cloud (RMC)_CVE-2026-5792

Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brut...

Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) CVE
MEDIUM 6.9 CVE-2026-53568

Frappe: Stored XSS in Frappe Report/List View via ‘set_link_title_field_value’_CVE-2026-53568

Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerability in Frappe Report/List ...

frappe frappe < 15.107.2 CVE
MEDIUM 6.9 CVE-2026-50560

Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature_CVE-2026-50560

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty H...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE
MEDIUM 6.1 CVE-2026-50089

Aqara IAM/SSO Gateway open redirect_CVE-2026-50089

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance of "CWE-601: URL Redirection to Untrusted Site," w...

Aqara Aqara IAM/SSO Gateway 2026-04-20 CVE
MEDIUM 6.5 CVE-2026-50082

Aqara Developer Portal insecure authentication token_CVE-2026-50082

The Aqara Cloud Developer Portal (developer.aqara.com) issued a developer token to any email address supplied by the attacker. This is an instance ...

Aqara Cloud Developer Portal 2026-04-20 CVE
MEDIUM 6.9 CVE-2026-50026

Frappe: Lack of permissions checks in ‘relink’ and ‘set_email_password’ endpoints_CVE-2026-50026

Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed un...

frappe frappe < 15.107.0 CVE
MEDIUM 5.3 CVE-2026-50020

Netty’s HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted_CVE-2026-50020

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, before ...

netty netty >= 4.2.0.Final, < 4.2.15.Final CVE