ROOT-APP-NPM-CVE-2026-1528 CVE-2026-1528 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1528 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

Oracle Linux 9 : nodejs:22 (ELSA-2026-7302)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7302 advisory. - introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135 - patch for npm/braces CVE-2026-25547 Resolves: RHEL-163369 Fixes: CVE-2026-152...

RHEL 9 : nodejs:22 (RHSA-2026:7983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7983 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

nodejs22 security update

An update is available for nodejs22. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime \ for easily...

Important: Red Hat Security Advisory: nodejs:24 security update

An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

nodejs:22 security update

nodejs 1:22.22.2-1 - Update to version 22.22.2 Resolves: RHEL-154019 Fixes: CVE-2026-1528 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-27135 CVE-2026-1528 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883...

CVE-2026-1528 vulnerabilities

Vulnerabilities for packages: renovate, jitsucom-jitsu, code-server...

0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1991 more potentially affected by CVE-2026-1528 via undici (>=6.0.1 <=6.23.0)

undici NPM version =6.0.1, =0.5.2, =0.5.2, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.21, =0.1.0, =0.1.5 and more Source cves: CVE-2026-1528 Source advisory: OSV:GHSA-F269-VFMQ-VJVJ...

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +384 more potentially affected by CVE-2026-1528 via undici (>=7.0.0 <=7.22.0)

undici NPM version =7.0.0, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.2, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =21.0.0, =0.5.0, =1.0.1, =12.6.9, =13.0.0-alpha.4 and more Source cves: CVE-2026-1528 Source advisory: OSV:GHSA-F269-VFMQ-VJVJ...

Linux Distros Unpatched Vulnerability : CVE-2026-1528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up...

0utmailauth (=1.0.0), @1023-ventures/ursa-core (>=0.5.2 <=0.5.3) +1991 more potentially affected by CVE-2026-1528 via undici (>=6.0.1 <=6.23.0)

undici NPM version =6.0.1, =0.5.2, =0.5.2, =1.3.7, =1.3.7, =1.3.7, =1.0.0, =1.0.0, =0.1.5-alpha.0, =1.0.9-beta.0, =0.5.21, =0.5.21, =0.1.0, =0.1.5 and more Source cves: CVE-2026-1528 Source advisory: SNYK:JS-UNDICI-15518064...

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +385 more potentially affected by CVE-2026-1528 via undici (>=7.0.0-alpha.3 <=7.22.0)

undici NPM version =7.0.0-alpha.3, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.2, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =21.0.0, =0.5.0, =1.0.1, =12.6.9, =13.0.0-alpha.4 and more Source cves: CVE-2026-1528 Source advisory: SNYK:JS-UNDICI-15518064...

CVE-2026-1528

creationtimestamp| type| source ---|---|--- 2026-03-12 20:16:25+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2026-1528 2026-03-12 20:41:47+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mgvb5xjenk2f 2026-03-12 21:36:30+00:00| seen|...

MiracleLinux 4 : krb5-1.9-22.AXS4.1 (AXSA:2012-29:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-29:01 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of...

CMS Made Simple < 2.2.15 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmsmadesimple:cmsmadesimple...

CVE-2025-1528

creationtimestamp| type| source ---|---|--- 2025-03-14 04:53:31+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/7527 2025-03-14 06:41:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lkcyxjm3pk2m 2025-03-14 08:20:50+00:00| seen| https://t.me/cvedetector/20269...

CVE-2025-1528 Search and filter pro <= 2.5.19 - Missing Authorization to Authenticated (Subscriber+) Post Meta Exposure

The Search & Filter Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getmetavalues' function in all versions up to, and including, 2.5.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2024-1528

creationtimestamp| type| source ---|---|--- 2024-03-12 17:32:04+00:00| seen| https://t.me/ctinow/205896 2024-03-12 17:32:13+00:00| seen| https://t.me/ctinow/205904...

CVE-2024-1528 Cross-site Scripting in CMS Made Simple

CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting XSS vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to ...

CVE-2024-1528

CMS Made Simple 2.2.14 is reported to be vulnerable to Cross-Site Scripting through /admin/moduleinterface.php due to insufficient encoding of user-controlled input in multiple parameters. The issue is exploitable to deliver a crafted JavaScript payload to an authenticated user, with potential se...