41 matches found
CVE-2026-27980 vulnerabilities
Vulnerabilities for packages: langfuse, jitsucom-jitsu...
CVE-2026-27980
creationtimestamp| type| source ---|---|--- 2026-03-18 20:16:53+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mheckymabq2s 2026-04-07 15:50:12+00:00| seen| https://gist.github.com/legion2002/7b386ccb1a11d5503868dcf115c1e4c5 2026-04-07 16:04:26+00:00| seen|...
CVE-2026-27980
Next.js versions 10.0.0 through 16.1.6 expose an unbounded disk cache in the image optimization feature at /_next/image, allowing denial of service via cache growth. The root cause is a lack of an upper bound on the disk cache; the fix in v16.1.7 adds an LRU-backed disk cache and an eviction poli...
PT-2026-23119
Name of the Vulnerable Software and Affected Versions Next.js versions 10.0.0 through 16.1.6 Description Next.js, a React framework for building full-stack web applications, had an issue where the default image optimization disk cache / next/image lacked a configurable upper bound, leading to...
EUVD-2024-35895
Malicious code in bioql PyPI...
CVE-2025-27980
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=...
CVE-2025-27980
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=...
CVE-2025-27980
creationtimestamp| type| source ---|---|--- 2025-04-15 14:55:04+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11824 2025-04-15 19:57:25+00:00| seen| https://t.me/cvedetector/22981...
CVE-2025-27980
cashbook v4.0.3 has an arbitrary file read vulnerability in /api/entry/flow/invoice/show?invoice=...
openSUSE Security Advisory (SUSE-SU-2024:2574-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Advisory (SUSE-SU-2024:2543-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-27980 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2024-27980 vulnerabilities
Vulnerabilities for packages: nodejs...
CVE-2024-27980
Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...
CVE-2024-27980
CVE-2024-27980 affects Node.js where improper handling of batch files in child_process.spawn/spawnSync allows a malicious command line argument to inject arbitrary commands and achieve code execution even when shell is not enabled. The issue is documented across multiple feeds (Node.js CVE entry,...
CVE-2024-27980
Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...
CVE-2024-27980
Due to the improper handling of batch files in childprocess.spawn / childprocess.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled...
BIT-NODE-MIN-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
BIT-NODE-2024-36138
Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows via childprocess.spawn / childprocess.spawnSync. A malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option i...
CVE-2024-27980
creationtimestamp| type| source ---|---|--- 2024-09-07 19:20:31+00:00| seen| https://t.me/cvedetector/5029 2024-11-14 12:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08 2025-01-09 01:11:49+00:00| seen| https://infosec.exchange/users/cve/statuses/11379573448375297...