TencentOS Server 4: nodejs20 (TSSA-2026:0304)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0304 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Security Bulletin: There is a vulnerability in minimatch-3.0.5.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2026-27903, CVE-2026-27904)

Summary There is a vulnerability in minimatch-3.0.5.tgz used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION: minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to...

Security Bulletin: MongoDB Enterprised Advanced affected by: Inefficient Algorithmic Complexity (CVE-2026-27903, CVE-2026-27904)

Summary There are vulnerabilities in minimatch-9.0.1.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-27903, CVE-2026-27904. The vulnerability has/vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-27903 DESCRIPTION: minimatch is a minimal matching utili...

Security Bulletin: IBM Maximo Scheduler Optimizer uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904

Summary IBM Maximo Scheduler Optimizer uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal...

Security Bulletin: IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904

Summary IBM Edge Data Collector uses minimatch-3.1.2.tgz which is vulnerable to CVE-2026-26996, CVE-2026-27903, CVE-2026-27904. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-26996 DESCRIPTION: minimatch is a minimal matching utility for...

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js. CVE-2026-32141, CVE-2026-0540, CVE-2026-2327, CVE-2026-27903, CVE-2026-27904. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-3214...

RHEL 9 : nodejs:20 (RHSA-2026:9711)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9711 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RockyLinux 8 : nodejs:20 (RLSA-2026:8339)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8339 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

RHEL 9 : nodejs:22 (RHSA-2026:7983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7983 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

nodejs22 security update

An update is available for nodejs22. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime \ for easily...

nodejs:22 security update

nodejs 1:22.22.2-1 - Update to version 22.22.2 Resolves: RHEL-154019 Fixes: CVE-2026-1528 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-27135 CVE-2026-1528 nodejs-nodemon 3.0.1-1 - Exclude ix86 arches from building. Related: RHEL-35991 3.0.1-1 - Rebase to 3.0.1 - Resolves: CVE-2022-25883...

Linux Distros Unpatched Vulnerability : CVE-2026-27904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2,...

CVE-2026-27904 vulnerabilities

Vulnerabilities for packages: langfuse, eslint, saf, serve, argo-workflows, pulumi, prism, actions-runner, emscripten, opensearch-dashboards-fips, kibana, tileserver-gl-fips, librechat, opentelemetry-auto-instrumentations-node, code-server, vitess, opensearch-dashboards, node-gyp, lerna,...

@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27904 via minimatch (>=8.0.2 <=8.0.4)

minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...

@adobe-apimesh/mesh-builder (=1.4.0-beta.5), @akylas/nativescript-cli (>=8.7.2 <=8.8.2) +317 more potentially affected by CVE-2026-27904 via minimatch (>=7.0.0 <=7.4.6)

minimatch NPM version =7.0.0, =8.7.2, =5.5.0-682, =0.0.6, =3.6.0, =2.6.0, =2.5.0, =3.6.0, =4.6.0, =1.11.0, =4.0.0, =2.0.7, =2.0.4, =1.2.1, =1.3.1 - @digit-ui/digit-ui-module-common =1.3.0 and more Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...

02strich-markdown (>=1.0.0 <=1.0.2), @0xintuition/slang-cli (>=0.0.1 <=0.0.8) +1947 more potentially affected by CVE-2026-27904 via minimatch (>=4.1.1 <=4.2.4)

minimatch NPM version =4.1.1, =1.0.0, =0.0.1, =0.5.2, =5.0.2, =2.2.0, =1.1.4, =1.3.1, =1.0.0, =0.0.2-alpha-20220914223128-d706aab, =0.0.2-alpha-20220915073207-1bb0680, =0.0.2-alpha-20220914223128-d706aab, =1.1.8, =1.0.0, =1.5.0 and more Source cves: CVE-2026-27904 Source advisory:...

@0x590fab/sdcor2 (>=4.2.1 <=4.4.0), @cenk1cenk2/renovate-config (>=2.2.33 <=2.3.94) +22 more potentially affected by CVE-2026-27904 via minimatch (>=6.0.0 <=6.2.0)

minimatch NPM version =6.0.0, =4.2.1, =2.2.33, =0.2.6-alpha-20230114225627-66f5d9eac, =0.1.7-alpha-20230114225627-66f5d9eac, =0.15.7-alpha-20230114225627-66f5d9eac, =0.1.0, =3.108.8--canary.1.4727068200.0, =0.0.0, =1.12.0, =1.0.0, =0.36.6, =0.36.6, =0.39.3-0 - editorconfig =1.0.2 and more Source...

CVE-2026-27904

creationtimestamp| type| source ---|---|--- 2026-02-26 05:39:42+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mfqia23ij62u 2026-02-27 07:40:18+00:00| seen| https://gist.github.com/alon710/ea527c9b405937e62bf2c5ad28e25c6a 2026-02-27 12:00:56+00:00| seen|...

10up-toolkit (>=6.0.0 <=6.5.1), @0ti.me/ts-test-deps (=0.2.0) +6571 more potentially affected by CVE-2026-27904 via minimatch (>=9.0.0 <=9.0.6)

minimatch NPM version =9.0.0, =6.0.0, =1.1.0-pre.1, =1.4.0, =9.1.0, =1.17.3-testing-284.48.0, =1.0.0, =1.1.6, =0.0.0-alpha.1aa37fb04f1f, =1.1.3, =1.0.6, =1.0.25 and more Source cves: CVE-2026-27904 Source advisory: SNYK:JS-MINIMATCH-15353387...