366206 matches found
CVE-2026-50088
The CVE-2026-50088 entry concerns cross-origin request sharing in Aqara’s Developer Portal (developer.aqara.com) and its shared test environments (developer-test.aqara.com, aiot-test.aqara.com). The issue is CWE-942: Permissive Cross-domain Policy with Untrusted Domains, with CVSS v3.1 vector AV:...
CVE-2026-50087
Technical details (affected product/version, root cause, remediation) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50086
The CVE-2026-50086 entry concerns the Aqara IAM/SSO gateway (gw-builder.aqara.com), where bidirectional AES round-trups are exposed against the platform's signing key without authentication. This is identified as CWE-306 (Missing Authentication for Critical Function) and CWE-327 (Use of a Broken ...
CVE-2026-50085
The CVE-2026-50085 entry concerns the Aqara Board IoT service (op-test.aqara.com). It accepts arbitrary MQTT command payloads and forwards them to the HiveMQ broker without authentication (CWE-306: Missing Authentication for Critical Function). CVSS v3.1 base score 8.6 (High): Network access, no ...
CVE-2026-50084
CVE-2026-50084 concerns the Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api), where any valid developer token could access any account due to missing authorization (CWE-862). The CVSSv3.1 base score is 9.6 (CRITICAL): Network-based, Low attack complexity, Privileges Required: Low, Use...
CVE-2026-50083
The CVE-2026-50083 entry concerns the Aqara IAM/SSO Gateway (gw-builder.aqara.com) using a hardcoded OAuth client credential (CWE-798). This weak credential could enable a fully unauthenticated, remote takeover when combined with CVE-2026-50082, CVE-50084, and CVE-50085. Documented CVSSv3.1 base ...
CVE-2026-50082
The Aqara Cloud Developer Portal is affected by a Missing Authentication for Critical Function (CWE-306) vulnerability where a developer token could be issued to any email address, enabling an unauthenticated user to potentially take over devices when combined with CVE-2026-50083/84/85. The CVSS ...
CVE-2026-37196
Technical details for CVE-2026-37196 are not publicly available in the provided documents; the entry is reserved. Monitor for updates when details are disclosed.
CVE-2026-53647
Technical details for CVE-2026-53647 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-50560
Netty HTTP/2 vulnerability CVE-2026-50560 affects Netty versions 4.1.135.Final and 4.2.15.Final. When a client sends SETTINGS_MAX_HEADER_LIST_SIZE, Netty may read a request, proxy it to the origin, attempt to generate a response, and then fail while writing response headers, creating an exception...
CVE-2026-9641
CVE-2026-9641 affects Crypt::PBKDF2 for Perl prior to 0.261630. The vulnerability stems from a weak default configuration: using HMAC-SHA1 as the default algorithm and a default 1000 iterations, which is insufficient for modern password hashing. The impact, per sources, could involve reduced resi...
CVE-2026-46690
Summary: CVE-2026-46690 affects the unbounded-spsc crate (0.2.0 and earlier). The vulnerability originates from an unsafe TRANSMUTE in Sender::send (DISCONNECTED branch) that reinterprets a raw pointer to a Producer as a Consumer, creating a fake Arc and enabling out-of-bounds access. This race w...
CVE-2026-50020
Netty (network framework) contains a flaw in HttpObjectDecoder: prior to reading the first request-line, it ignores all ISO control bytes (0x00–0x1F, 0x7F) plus whitespace, beyond what RFC 9112 allows. This can cause request-boundary confusion in pipelined or multiplexed transports. Affects Netty...
CVE-2026-50011
Netty CVE-2026-50011 affects RedisArrayAggregator in Netty (prior to 4.1.135.Final and 4.2.15.Final). A RESP header can claim a large initial ArrayList capacity, taken from the wire before child messages exist, enabling unbounded pre-allocation. This can cause memory consumption issues. The issue...
CVE-2026-44967
OpenTelemetry-cpp OTLP HTTP exporters (traces/metrics/logs) read entire HTTP responses into an unbounded in-memory byte vector before 1.27.0, enabling memory exhaustion if the collector endpoint is attacker-controlled or the connection is MITM. The issue is fixed in opentelemetry-cpp release 1.27...
CVE-2026-50010
Netty CVE-2026-50010 affects 4.1.135.Final and 4.2.15.Final. When using SimpleTrustManagerFactory.engineGetTrustManagers(), a user-supplied plain X509TrustManager is wrapped in X509TrustManagerWrapper. This wrapper makes the trust manager appear as X509ExtendedTrustManager but implements checkSer...
CVE-2026-8828
CVE-2026-8828 describes a lack of authorization validation in ChromaDB Rust (version 1.0.0 and later) that allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenant ownership. The core issue is insufficient access control in ...
CVE-2026-47190
The CVE concerns IPAM (Metal3) where the IPAM controller’s ClusterRole granted full CRUD access to core/v1 Secrets prior to versions 1.11.7, 1.12.4, and 1.13.0. Although the controller does not access Secrets during normal operation, a compromised IPAM pod (e.g., via supply‑chain attack or contai...
CVE-2026-50009
Netty QUIC (prior to 4.2.15.Final) exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. An on-path attacker observing QUIC headers after a source-CID rotation can derive the server’s current source-CID reset to...
CVE-2026-45830
CVE-2026-45830 affects the ChromaDB Python project (version 0.4.17 and later). The lack of authorization validation allows any authenticated user to arbitrarily read, write, update, or delete data in any tenant’s collection, regardless of tenancy. The vulnerability is described with a CVSS 4.0 ba...
CVE-2026-53568
Frappe stored XSS CVE-2026-53568 affects the Frappe full-stack web framework. A stored XSS vulnerability exists in the Report/List View via the set_link_title_field_value path, impacting versions prior to 15.107.2 and 16.17.4. The issue has been patched in those versions (15.107.2 and 16.17.4). P...
CVE-2026-48748
Netty HTTP/3 vulnerability CVE-2026-48748: a memory-exhaustion flaw in the Netty HTTP/3 codec prior to 4.2.15.Final allows an infinite number of blocked streams, leading to OOM. The issue is fixed in Netty version 4.2.15.Final. Affected component: Netty’s HTTP/3 codec. Root cause: unbounded block...
CVE-2026-50026
Frappe (full‑stack web framework) contains a permission-checking flaw in the relink and set_email_password endpoints. Prior to versions 15.107.0 and 16.17.0, lack of proper authorization allowed unauthorized access to resources. The issue has been patched in those versions; remediation is to upgr...
CVE-2026-48059
Netty HAProxy: In Netty’s HAProxy PROXY protocol v2 codec, a memory leak occurs on each connection when a syntactically valid nested PP2_TYPE_SSL TLV (depth ≥ 2) is provided. This affects Netty versions 4.1.135.Final and 4.2.15.Final. The leak happens on the successful parse path: the message is ...
CVE-2026-9638
Crypt::PBKDF2 for Perl versions before 0.261630 are vulnerable because they generate salts with the built-in rand function, which is predictable and not suitable for cryptography. Affected component: Crypt::PBKDF2 (Perl). Root cause: use of insecure RNG for salts. Impact: cryptographic salts may ...
CVE-2026-47182
Frappe (full‑stack web framework) contains a broken access control flaw in which any authenticated user could access private files by guessing the file path. Affected versions prior to 16.17.4 are vulnerable; the issue is fixed in 16.17.4. Practical impact is unauthorized access to private files,...
CVE-2026-48043
Netty CVE-2026-48043 affects netty-codec-http2 before 4.1.135.Final and 4.2.15.Final. A flaw in DelegatingDecompressorFrameListener uses a per-stream EmbeddedChannel to decompress frames (gzip/deflate/zstd) and forwards chunks to a tail handler; decompressed ByteBuf ownership is not robust, allow...
CVE-2026-44976
CVE-2026-44976 affects the Frappe web framework. The vulnerability is described as an IDOR in the “update_onboarding_step” function, allowing any user to modify any field in any Onboarding Step record prior to version 16.17.4. The issue is explicitly patched in version 16.17.4. The available conn...
CVE-2026-48006
Summary : CVE-2026-48006 relates to Netty’s RedisArrayAggregator leaking pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate completes. This occurs prior to Netty versions 4.1.135.Final and 4.2.15.Final . Root cause : The RedisArrayAggregator retains...
CVE-2026-44975
CVE-2026-44975 (Frappe) : The vulnerability affects the Frappe full‑stack web framework prior to versions 15.107.2 and 16.17.4. An authenticated user can reset onboarding for all users due to missing authorization on the reset form tours. This exposes potential impact on user onboarding state, wi...
CVE-2026-44206
Frappe (full-stack web application framework) contains CVE-2026-44206, where DB Schema Enumeration is possible via a vulnerable endpoint prior to versions 15.107.2 and 16.17.4. The issue has been patched in those versions. The CVSS 4.0 base score is 6.9 (MEDIUM) with network attack vector, low co...
CVE-2026-47691
CVE-2026-47691 affects Netty up to versions 4.1.135.Final and 4.2.15.Final. The issue is in DnsResolveContext bailiwick validation for NS records, where an attacker controlling an authoritative subdomain server can poison the cache for parent domains (e.g., .co.uk). The code path in Authoritative...
CVE-2026-40677
The vulnerability CVE-2026-40677 affects AMD optional tools that use insecure HTTP transport, enabling a potential attacker to perform a man-in-the-middle attack and potentially achieve arbitrary code execution. The issue stems from unencrypted transport within these tools, which could allow inte...
CVE-2026-44207
CVE-2026-44207 affects the Frappe full‑stack web framework. It is an insecure direct object reference (IDOR) that allows authenticated users to access other users’ email configuration details. Affected versions are prior to 15.107.0 and 16.17.0. The issue has been patched in 15.107.0 and 16.17.0....
CVE-2026-5792
CVE-2026-5792 is described as an authentication bypass by spoofing vulnerability in Related Marketing Cloud (RMC) used by Hedef Media Promotion Interactive Media Marketing Inc. The issue affects RMC up to 12052026. The NVD entry provides a CVSS 3.1 base score of 6.5 (Network, Low attack complexit...
CVE-2026-44208
CVE-2026-44208 affects the Frappe framework (full-stack web app). A lack of input/permission validations in the submit_discussion() endpoint allows unauthorized access to resources (IDOR) in affected builds. The issue is fixed in versions 15.107.0 and 16.17.0; prior releases were vulnerable. No e...
CVE-2026-47244
Netty HTTP/2 CVE-2026-47244 affects Netty 4.1.135.Final and 4.2.15.Final. Before patch, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams/maxStreams to Integer.MAX_VALUE and Http2Settings does not insert SETTINGS_MAX_CONCURRENT_STREAMS by default, so a Netty HTTP/2 server can ad...
CVE-2026-44205
CVE-2026-44205 affects the Frappe framework (prior to 15.106.0). The issue is a stored XSS in the user profile image upload path that allows an attacker to execute malicious scripts in the browsers of other users. The vulnerability is mitigated by upgrading to version 15.106.0, where it is patche...
CVE-2026-41581
Frappe framework vulnerability CVE-2026-41581: a possible SQL injection via get_blog_list affects versions prior to 15.106.0 and 16.16.0. The issue has been patched in 15.106.0 and 16.16.0. CVSS 4.0 base score 6.9 (MEDIUM); attack vector NETWORK, authentication NONE required, no user interaction....
CVE-2026-47739
CVE-2026-47739 affects the Frappe framework. Prior to versions 15.106.0 and 16.16.0, a stored XSS vulnerability existed in Note due to insufficient sanitization. The issue is mitigated by upgrading to 15.106.0 or 16.16.0 or later. The CVSS-derived metrics indicate a medium impact with network acc...
CVE-2026-46340
Netty SCTP reassembly vulnerability (CVE-2026-46340) affects netty-transport-sctp before 4.1.135.Final and 4.2.15.Final. For each non-complete SctpMessage fragment, fragments are accumulated by wrapping the previous accumulator with the new slice into a new CompositeByteBuf, creating an unbounded...
CVE-2026-45674
CVE-2026-45674 affects Netty DNS resolution: the DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Affected versions are 4.1.135.Final and 4.2.15.Final; the issue is patched in those same versions. Potential impact is DNS cache poisoning via missing bai...
CVE-2026-47141
CVE-2026-47141 affects vm2 NodeVM where diagnostics_channel, async_hooks, and perf_hooks observability builtins were exposed to sandboxed code before patching in vm2 3.11.4. These process‑wide modules can leak host data (e.g., HTTP headers, AsyncResource state, performance entries) into the sandb...
CVE-2026-47210
Summary : CVE-2026-47210 affects the vm2 sandbox prior to version 3.11.4, where a JSPI-backed Promise pathway can bypass Promise species hardening via WebAssembly.promising/WebAssembly.Suspending, potentially exposing a host-originated rejection object to attacker-controlled logic and breaking sa...
CVE-2026-47208
Summary: CVE-2026-47208 affects vm2 prior to 3.11.4, enabling sandbox breakout and potential remote code execution. The root cause is in vm2’s sandbox implementation, where the localPromise constructor manipulates Promise.species and, via a crafted Promise subclass, can trigger a host-realm error...
CVE-2026-47140
CVE-2026-47140 - vm2 NodeVM denylist bypass : The vm2 sandbox (NodeVM) before version 3.11.4 did not block certain host-access primitives: processing modules like process and inspector/promises could be required from sandboxed code to bypass restrictions and execute code in the host process. Root...
CVE-2026-45673
Technical details are not publicly provided in the supplied connected documents. Monitor for updates on the Netty DNS-related vulnerability (CVE-2026-45673) and any published remediation.
CVE-2026-47139
vm2 NodeVM burlon bypass vulnerability exists where public network modules are blocked but internal underscored HTTP builtins (_http_client, _http_server) remain reachable. The issue allows sandboxed code to perform outbound HTTP requests and open listening sockets despite network exclusions, ena...
CVE-2026-47137
Summary (CVE-2026-47137): The vm2 sandbox (NodeVM) had a bypass in versions prior to 3.11.4 where nesting: true with an unspecified require allowed full host RCE. The issue arose because a security check (options.nesting === true && options.require === false) only catches explicit require: false;...
CVE-2026-47135
CVE-2026-47135 vm2 sandbox escape : The vm2 sandbox (Node.js) before 3.11.4 exposes real cross-realm Node.js symbols due to an incomplete Symbol.for override (only blocks two of nine dangerous symbols) and missing isDangerousCrossRealmSymbol checks in bridge write traps (set/defineProperty/delete...