20 matches found

Tenable Nessus
added 2026/06/01 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2026-45149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00041
Exploits: 0, References: 3

Circl
added 2026/05/29 10:33 p.m., 7 views

CVE-2026-45149

creationtimestamp | type | source
---|---|---
2026-05-29 22:33:56+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmzlseijt522
2026-05-30 11:05:14+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116663196876893976
2026-05-30 12:00:54+00:00 | seen | ...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00041
Exploits: 0, References: 3

ATTACKERKB
added 2026/05/29 7:55 p.m., 5 views

CVE-2026-45149

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like 1..10000000, the sequence generation loop generates all 10 million intermediate...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00041
Exploits: 0, References: 2, Affected Software: 1

Wolfi
added 2026/05/22 7:48 p.m., 8 views

CVE-2026-45149 vulnerabilities

Vulnerabilities for packages: prism, npm, renovate, lerna, opensearch-dashboards, langfuse, tileserver-gl, pulumi...

CVSS: 7.5, AI score: 5.4, EPSS: 0.00041
Exploits: 0

vulnersOsv
added 2026/05/18 4:22 p.m., 4 views

@anarchitects/nx-js (=0.1.0), @asd14/eslint-config (>=14.5.0 <=15.2.0) +162 more potentially affected by CVE-2026-45149 via brace-expansion (>=5.0.2 <=5.0.5)

brace-expansion NPM version =5.0.2, =14.5.0, =0.105.0, =0.9.1-alpha.0, =0.2.0, =0.4.1-alpha.11, =0.0.237, =0.0.237, =1.4.3, =0.0.94, =0.77.0, =0.77.0, =1.0.0, =1.0.1 and more Source cves: CVE-2026-45149 Source advisory: OSV:GHSA-JXXR-4GWJ-5JF2...

AI score: 5.8, EPSS: 0.00041
Exploits: 0

Positive Technologies
added 2026/05/18 12:0 a.m., 7 views

PT-2026-41726

Name of the Vulnerable Software and Affected Versions: brace-expansion (affected versions not specified)
Description: A Denial of Service (DoS) issue exists where the max option is applied too late during the expansion of large numeric ranges. For example, expanding a range like 1..10000000 causes the...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00041
Exploits: 0, References: 10

EUVD
added 2025/11/10 5:21 p.m., 1 views

EUVD-2025-45149

Malicious code in surya-martabak40-sukiwir npm...

AI score: 6.6
Exploits: 0

Tenable Nessus
added 2025/09/05 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-45149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00303
Exploits: 0, References: 2

Circl
added 2024/10/10 1:24 p.m., 2 views

CVE-2024-45149

creationtimestamp | type | source
---|---|---
2024-10-10 13:24:32+00:00 | seen | https://t.me/cvedetector/7574...

CVSS: 2.7, AI score: 4.8, EPSS: 0.0014
Exploits: 0, References: 1

Circl
added 2023/10/17 12:32 a.m., 3 views

CVE-2023-45149

creationtimestamp | type | source
---|---|---
2023-10-17 00:32:27+00:00 | seen | https://t.me/cibsecurity/72359...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00179
Exploits: 0, References: 1

Vulnrichment
added 2023/10/16 7:3 p.m., 16 views

CVE-2023-45149 Password of talk conversations can be bruteforced in Nextcloud

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...

CVSS: 4.3, AI score: 4.7, EPSS: 0.00179
Exploits: 0, References: 3

Cvelist
added 2023/10/16 7:3 p.m., 18 views

CVE-2023-45149 Password of talk conversations can be bruteforced in Nextcloud

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the...

CVSS: 4.3, AI score: 5, EPSS: 0.00179
Exploits: 0, References: 3

CVE
added 2023/10/16 7:3 p.m., 69 views

CVE-2023-45149

CVE-2023-45149 affects Nextcloud Talk. Root cause: brute-force protection for public talk conversation passwords can be bypassed because the authentication endpoint validates the password without applying bruteforce protection. Affected: Nextcloud Talk versions prior to 15.0.8, 16.0.6, or 17.1.1....

CVSS: 4.3, AI score: 4.6, EPSS: 0.00179
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2023/02/20 12:0 a.m., 36 views

Moodle 3.11.x < 3.11.11 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.9.x prior to 3.9.18, 3.11.x prior to 3.11.11 or 4.0.x prior to 4.0.5. It is, therefore, affected by multiple vulnerabilities: - An information disclosure due to a user CSRF token being unnecessarily included in the URL during the redirection...

CVSS: 9.1, AI score: 6.2, EPSS: 0.00712
Exploits: 0, References: 8

Tenable Nessus
added 2022/12/23 12:0 a.m., 35 views

Fedora 36 : moodle (2022-f7fdcb1820)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f7fdcb1820 advisory. Fixes for multiple CVEs Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

CVSS: 9.1, AI score: 6.8, EPSS: 0.00712
Exploits: 1, References: 6

OpenVAS
added 2022/12/07 12:0 a.m., 20 views

Fedora: Security Advisory for moodle (FEDORA-2022-cb7084ae1c)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.1, AI score: 6.3, EPSS: 0.00712
Exploits: 1, References: 2

OpenVAS
added 2022/12/07 12:0 a.m., 22 views

Fedora: Security Advisory for moodle (FEDORA-2022-f7fdcb1820)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 9.1, AI score: 6.3, EPSS: 0.00712
Exploits: 1, References: 2

Circl
added 2022/11/23 6:13 p.m., 1 views

CVE-2022-45149

creationtimestamp | type | source
---|---|---
2022-11-23 18:13:59+00:00 | seen | https://t.me/cibsecurity/53423...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00303
Exploits: 0, References: 1

UbuntuCve
added 2022/11/23 3:15 p.m., 22 views

CVE-2022-45149

A vulnerability was found in Moodle which exists due to insufficient validation of the HTTP request origin in course redirect URL. A user's CSRF token was unnecessarily included in the URL when being redirected to a course they have just restored. A remote attacker can trick the victim to visit a...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00303
Exploits: 0, References: 4

CVE
added 2022/11/23 12:0 a.m., 287 views

CVE-2022-45149

CVE-2022-45149 affects Moodle and stems from insufficient validation of the HTTP request origin in a course redirect URL, causing the user’s CSRF token to be included in the URL during a redirect when restoring a course. The vulnerability enables a remote attacker to lure a victim to a crafted pa...

CVSS: 5.4, AI score: 7, EPSS: 0.00303
Exploits: 0, References: 6, Affected Software: 1