174 matches found
@andreacioni/saml2-nest-lib (=0.0.7), @apps-in-toss/web-framework (>=2.0.0 <=2.5.0) +221 more potentially affected by CVE-2026-2880 via @fastify/middie (>=8.0.0 <=9.1.0)
@fastify/middie NPM version =8.0.0, =2.0.0, =1.1.6, =1.0.5, =0.2.5, =0.0.6, =0.0.1, =0.0.1, =4.33.5, =2.0.7, =0.0.0-canary-20240602190113, =0.0.0-canary-20240602190113, =0.1.0, =0.7.1 and more Source cves: CVE-2026-2880 Source advisory: OSV:GHSA-8P85-9QPW-FWGW...
CVE-2026-2880
creationtimestamp| type| source
---|---|---
2026-02-27 18:36:39+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mfue4bp2322b
2026-02-27 21:47:59+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfuosfvtuc2e
2026-02-28 06:40:11+00:00| seen|...
CVE-2026-2880
A vulnerability in @fastify/middie versions 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled such as ignoreDuplicateSlashes, useSemicolonDelimiter, and related...
MiracleLinux 8 : go-toolset:rhel8 delve-1.8.3-1.module+el8+1585+5d99e9d3, golang-1.18.9-1.module+el8+1585+5d99e9d3, go-toolset-1.18.9-1.module+el8+1585+5d99e9d3 (AXSA:2023-4877:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-4877:01 advisory. golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputil: ReverseProxy should not forward...
MiracleLinux 8 : cockpit-composer-45-1.el8, osbuild-composer-75-1.el8.ML.1, osbuild-81-1.el8.ML.1, weldr-client-35.9-2.el8 (AXSA:2023-6087:04)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6087:04 advisory. golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputil: ReverseProxy should not forward...
CVE-2018-2880
Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). The supported version that is affected is 12.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise MICROS Retail-J. Successful attacks...
CVE-2024-2880
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 in which a user with admin_group_member custom role permission could ban group members...
EUVD-2023-2880
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-2880
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1...
TencentOS Server 3: container-tools:rhel8 (TSSA-2024:0228)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0228 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: git-lfs (TSSA-2023:0145)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0145 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: osbuild (TSSA-2023:0105)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0105 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: ostree (TSSA-2023:0103)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0103 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
TencentOS Server 3: cockpit-composer (TSSA-2023:0135)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0135 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Alibaba Cloud Linux 3 : 0101: container-tools:rhel8 (ALINUX3-SA-2024:0101)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0101 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2018-25091: urllib3 before 1.24.2 does...
Alibaba Cloud Linux 3 : 0075: grafana (ALINUX3-SA-2023:0075)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0075 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2880: Requests forwarded by...
Alibaba Cloud Linux 3 : 0071: git-lfs (ALINUX3-SA-2023:0071)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0071 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-2880: Requests forwarded by...
RLSA-2024:0121 Moderate: container-tools:4.0 security update
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879); golang: net/http/httputil: ReverseProxy should not forward unparseable query...
CVE-2025-2880
creationtimestamp| type| source
---|---|---
2025-05-02 07:34:58+00:00| seen| https://t.me/cvedetector/24330...
CVE-2025-2880
The Yame | Link In Bio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 0.9.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in t...