| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-50082 | Aqara Developer Portal insecure authentication token | Aqara | Cloud Developer Portal | Medium | 6.5 | 2026-06-12 15:00:32 | Deep Dive |
| CVE-2026-50560 | Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature | netty | netty | Medium | - | 2026-06-12 15:00:00 | Deep Dive |
| CVE-2026-9641 | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations | ARODLAND | Crypt::PBKDF2 | - | - | 2026-06-12 14:57:31 | Deep Dive |
| CVE-2026-46690 | unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race | spearman | unbounded-spsc | Medium | 5.8 | 2026-06-12 14:56:10 | Deep Dive |
| CVE-2026-50020 | Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted | netty | netty | Medium | 5.3 | 2026-06-12 14:55:32 | Deep Dive |
| CVE-2026-50011🧪 | Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length | netty | netty | High | 7.5 | 2026-06-12 14:52:18 | Deep Dive |
| CVE-2026-44967 | opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response | open-telemetry | opentelemetry-cpp | Medium | 5.3 | 2026-06-12 14:52:00 | Deep Dive |
| CVE-2026-50010🧪 | Netty's wrapping plain trust manager silently disables hostname verification | netty | netty | High | 7.5 | 2026-06-12 14:50:43 | Deep Dive |
| CVE-2026-8828 | ChromaDB authorization issue vulnerability | Chroma | ChromaDB | High | - | 2026-06-12 14:50:33 | Deep Dive |
| CVE-2026-47190 | IPAM controller service account granted unnecessary full access to Secrets | metal3-io | ip-address-manager | Medium | 4.4 | 2026-06-12 14:49:52 | Deep Dive |
| CVE-2026-50009 | Netty QUIC stateless reset token material exposed through header-visible connection IDs | netty | netty | Medium | 4.8 | 2026-06-12 14:47:10 | Deep Dive |
| CVE-2026-45830 | Chroma ChromaDB authorization issue vulnerability | Chroma | ChromaDB | High | - | 2026-06-12 14:46:55 | Deep Dive |
| CVE-2026-53568 | Frappe: Stored XSS in Frappe Report/List View via 'set_link_title_field_value' | frappe | frappe | Medium | - | 2026-06-12 14:45:12 | Deep Dive |
| CVE-2026-48748🧪 | Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion | netty | netty | High | 7.5 | 2026-06-12 14:45:05 | Deep Dive |
| CVE-2026-50026 | Frappe: Lack of permissions checks in 'relink' and 'set_email_password' endpoints | frappe | frappe | Medium | - | 2026-06-12 14:43:41 | Deep Dive |
| CVE-2026-48059 | Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion | netty | netty | High | - | 2026-06-12 14:42:45 | Deep Dive |
| CVE-2026-9638 | Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts | ARODLAND | Crypt::PBKDF2 | High | - | 2026-06-12 14:41:52 | Deep Dive |
| CVE-2026-47182 | Frappe: Broken Access Control on Private Files | frappe | frappe | Medium | - | 2026-06-12 14:39:58 | Deep Dive |
| CVE-2026-48043 | netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion | netty | netty | Medium | 5.3 | 2026-06-12 14:39:52 | Deep Dive |
| CVE-2026-44976 | Frappe: IDOR in update_onboarding_step | frappe | frappe | Medium | - | 2026-06-12 14:38:00 | Deep Dive |