Lucene search
K

43 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/06 3:55 a.m.8 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in underscore-1.13.7.tgz Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under...

8.2CVSS6.8AI score0.00612EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 8:36 a.m.5 views

Security Bulletin: Due to the use of Underscore.js, IBM DevOps Solution Workbench is affected by a Denial of Service (CVE-2026-27601)

Summary Underscore.js is used internally within IBM DevOps Solution Workbench Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specif...

8.2CVSS5.8AI score0.00612EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/03/15 5:55 a.m.4 views

OESA-2026-1581 nodejs-underscore security update

Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References2
OSV
OSV
added 2026/03/15 5:55 a.m.3 views

OESA-2026-1580 nodejs-underscore security update

Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References2
OSV
OSV
added 2026/03/15 5:55 a.m.4 views

OESA-2026-1578 nodejs-underscore security update

Underscore.js is a utility-belt library for JavaScript that provides support for the usual functional suspects each, map, reduce, filter... without extending any core JavaScript objects. Security Fixes: Underscore.js is a utility-belt library for JavaScript. Prior to version 1.13.8, the .flatten...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References2
OSV
OSV
added 2026/03/03 11:15 p.m.3 views

DEBIAN-CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

5.9CVSS6AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 11:15 p.m.6 views

AZL-79434 CVE-2026-27601 affecting package rsyslog 8.2204.1-4

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS6.4AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 11:15 p.m.5 views

AZL-79320 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-4

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 11:15 p.m.6 views

AZL-79397 CVE-2026-27601 affecting package krb5 1.21.3-3

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 11:15 p.m.6 views

AZL-79323 CVE-2026-27601 affecting package cyrus-sasl-bootstrap 2.1.28-4

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References1
OSV
OSV
added 2026/03/03 11:15 p.m.4 views

AZL-79340 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-8

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/03/03 11:15 p.m.5 views

CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.9AI score0.00612EPSS
Exploits1References4
CVE
CVE
added 2026/03/03 10:38 p.m.107 views

CVE-2026-27601

CVE-2026-27601 affects Underscore.js prior to 1.13.8. The vulnerability arises when _.flatten or _.isEqual recursively processes deeply nested, untrusted input without a depth limit, enabling a Denial of Service via stack overflow under specific data structures (e.g., inputs created via JSON.pars...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 10:38 p.m.2 views

CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/03 10:38 p.m.5 views

CVE-2026-27601

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/03 10:38 p.m.3 views

CVE-2026-27601 Underscore.js has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack

Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the .flatten and .isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service DoS attack by triggering a stack overflow...

8.2CVSS5.8AI score0.00612EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/03 5:46 p.m.4 views

Uncontrolled Recursion

Overview underscore is a JavaScript's functional programming helper library. Affected versions of this package are vulnerable to Uncontrolled Recursion through the .flatten or .isEqual functions that are used without a depth limit. An attacker can cause the application to crash or become...

8.2CVSS6AI score0.00612EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.10 views

PT-2026-22841

Name of the Vulnerable Software and Affected Versions Underscore.js versions prior to 1.13.8 Description Underscore.js, a JavaScript utility-belt library, contains an issue in the .flatten and .isEqual functions. These functions utilize recursion without a depth limit, potentially leading to a...

8.2CVSS6.1AI score0.00612EPSS
Exploits1References177
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-52708

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.02022EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/10/12 12:0 a.m.5 views

PT-2024-39309 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.13.8 Description: The issue allows authenticated attackers with Contributor-level access and above to extract sensitive private, pending, and draft template data v...

4.3CVSS6.5AI score0.00368EPSS
Exploits0References7
Rows per page
Query Builder