37 matches found
ROOT-APP-NPM-CVE-2022-24771 CVE-2022-24771 in @rootio/node-forge - Patched by Root
Root has patched CVE-2022-24771 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...
CVE-2026-24771 vulnerabilities
Vulnerabilities for packages: langfuse...
CVE-2026-24771 vulnerabilities
Vulnerabilities for packages: langfuse-fips, langfuse, librechat...
@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @abyedev/hono-dotenv (=1.0.0) +441 more potentially affected by CVE-2026-24771 via hono (>=0.5.10 <=4.11.6)
hono NPM version =0.5.10, =0.1.8-fix.3, =5.0.0, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.1.1, =0.0.1, =0.0.2-a, =0.1.22, =1.1.1, =0.0.1, =1.7.2, =1.7.1, =1.8.0 and more Source cves: CVE-2026-24771 Source advisory: OSV:GHSA-9R54-Q6CX-XMH5...
CVE-2026-24771
creationtimestamp | type | source
---|---|---
2026-01-27 21:16:12+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mdgol2onf32j
2026-01-29 02:40:53+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mdjr6g6vpas2...
@3onedata/alsatian (>=0.1.8-fix.3 <=0.1.8-fix.5), @agimon-ai/browse-tool (>=0.2.0 <=0.5.5) +152 more potentially affected by CVE-2026-24771 via hono (>=4.0.0 <=4.11.6)
hono NPM version =4.0.0, =0.1.8-fix.3, =0.2.0, =0.2.0, =0.4.0, =0.2.0, =0.0.1, =1.7.2, =1.7.1, =0.2.1, =0.6.1, =0.5.2, =1.0.1-beta.0, =1.0.2, =1.0.0, =1.0.1 and more Source cves: CVE-2026-24771 Source advisory: SNYK:JS-HONO-15123927...
CVE-2020-24771
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to signature forgery due to the node-forge package (CVE-2022-24771, CVE-2022-24772)
Summary Node-forge is used by DataStage on Cloud Pak for Data as part of connection encryption. Vulnerability Details CVEID:CVE-2022-24771 DESCRIPTION: Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signatu...
CVE-2025-24771
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Content Manager Light content-manager-light allows Reflected XSS. This issue affects Content Manager Light: from n/a through <= 3.2...
CVE-2025-24771 WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Content Manager Light content-manager-light allows Reflected XSS. This issue affects Content Manager Light: from n/a through <= 3.2...
CVE-2025-24771
CVE-2025-24771 is a Reflected XSS in WordPress content-manager-light (OTWthemes Content Manager Light) affecting versions up to 3.2. The issue arises from improper neutralization of input during web page generation. CVSS v3.1 base score is 7.1 (HIGH) with NETWORK attack vector, user interaction r...
CVE-2025-24771 WordPress Content Manager Light plugin <= 3.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OTWthemes Content Manager Light allows Reflected XSS. This issue affects Content Manager Light: from n/a through 3.2...
CVE-2021-24771
The Inspirational Quote Rotator WordPress plugin through 1.0.0 does not sanitize and escape some of its quote fields when adding/editing a quote as admin, leading to Stored Cross-Site scripting issues when the quote is output in the "Quotes list" even when the unfiltered_html capability is disallo...
Linux Distros Unpatched Vulnerability : CVE-2022-24771
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS1 v1.5 signature verification...
CVE-2024-11803
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability ...
CVE-2024-11803
CVE-2024-11803 affects Fuji Electric Tellus Lite V-Simulator 5, specifically the V-Simulator 5 (V8) file parsing component. The root cause is inadequate validation of the length of user-supplied data during V8 file parsing, leading to a write past the end of a fixed-length stack-based buffer. Thi...
CVE-2024-11803 Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability ...
CVE-2024-24771
creationtimestamp | type | source
---|---|---
2024-02-07 16:22:19+00:00 | seen | https://t.me/ctinow/180792
2024-03-01 20:46:42+00:00 | seen | https://t.me/ctinow/197975...
CVE-2024-24771
Open Forms CVE-2024-24771 affects multiple versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2, with a non-exploitable MFA weakness that could allow a second-factor bypass if a superuser’s credentials are compromised. Attack could let the attacker view sensitive submissions or impersonate staff if b...
Security Bulletin: Open Source Dependency Vulnerability
Summary IBM Edge Application Manager 4.5 has resolved the vulnerability. Vulnerability Details CVEID:CVE-2022-24772 DESCRIPTION: Node.js node-forge module could allow a remote attacker to bypass security restrictions, caused by improper signature verification when checking for trailing garbage byt...