| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-50091🧪 | Aqara Home Android SDK hardcoded keys | Aqara | com.lumiunited.aqarahome | Critical | 9.1 | 2026-06-12 15:02:24 | Deep Dive |
| CVE-2026-50090🧪 | Aqara OAuth redirect_uri validation bypass | Aqara | Cloud OAuth Authorization Endpoint | Critical | 9.3 | 2026-06-12 15:02:14 | Deep Dive |
| CVE-2026-50089 | Aqara IAM/SSO Gateway open redirect | Aqara | Aqara IAM/SSO Gateway | Medium | 6.1 | 2026-06-12 15:02:02 | Deep Dive |
| CVE-2026-50088🧪 | Aqara Developer Portal cross-origin resource sharing | Aqara | Aqara Developer Portal | High | 8.2 | 2026-06-12 15:01:50 | Deep Dive |
| CVE-2026-50087🧪 | Aqara IAM/SSO Gateway cross-origin resource sharing | Aqara | Aqara IAM/SSO Gateway | High | 8.2 | 2026-06-12 15:01:38 | Deep Dive |
| CVE-2026-50086🧪 | Aqara unauthenticated AES oracle | Aqara | Aqara IAM/SSO Gateway | Critical | 10.0 | 2026-06-12 15:01:26 | Deep Dive |
| CVE-2026-50085🧪 | Aqara Board IoT insecure debug API | Aqara | Board service | High | 8.6 | 2026-06-12 15:01:14 | Deep Dive |
| CVE-2026-50084🧪 | Aqara API cross-account access | Aqara | Cloud Production API | Critical | 9.6 | 2026-06-12 15:01:01 | Deep Dive |
| CVE-2026-50083🧪 | Aqara hardcoded OAuth client credentials | Aqara | Aqara IAM/SSO Gateway | Critical | 9.1 | 2026-06-12 15:00:49 | Deep Dive |
| CVE-2026-50082 | Aqara Developer Portal insecure authentication token | Aqara | Cloud Developer Portal | Medium | 6.5 | 2026-06-12 15:00:32 | Deep Dive |
| CVE-2026-50560 | Netty susceptible to HTTP/2 Reset Attack with different on-the-wire signature | netty | netty | Medium | - | 2026-06-12 15:00:00 | Deep Dive |
| CVE-2026-9641 | Crypt::PBKDF2 versions before 0.261630 for Perl have a weak default algorithm and number of iterations | ARODLAND | Crypt::PBKDF2 | - | - | 2026-06-12 14:57:31 | Deep Dive |
| CVE-2026-46690 | unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race | spearman | unbounded-spsc | Medium | 5.8 | 2026-06-12 14:56:10 | Deep Dive |
| CVE-2026-50020 | Netty's HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted | netty | netty | Medium | 5.3 | 2026-06-12 14:55:32 | Deep Dive |
| CVE-2026-50011🧪 | Netty has unbounded pre-allocation in RedisArrayAggregator from RESP array length | netty | netty | High | 7.5 | 2026-06-12 14:52:18 | Deep Dive |
| CVE-2026-44967 | opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response | open-telemetry | opentelemetry-cpp | Medium | 5.3 | 2026-06-12 14:52:00 | Deep Dive |
| CVE-2026-50010🧪 | Netty's wrapping plain trust manager silently disables hostname verification | netty | netty | High | 7.5 | 2026-06-12 14:50:43 | Deep Dive |
| CVE-2026-8828 | ChromaDB authorization issue vulnerability | Chroma | ChromaDB | High | - | 2026-06-12 14:50:33 | Deep Dive |
| CVE-2026-47190 | IPAM controller service account granted unnecessary full access to Secrets | metal3-io | ip-address-manager | Medium | 4.4 | 2026-06-12 14:49:52 | Deep Dive |
| CVE-2026-50009 | Netty QUIC stateless reset token material exposed through header-visible connection IDs | netty | netty | Medium | 4.8 | 2026-06-12 14:47:10 | Deep Dive |