Lucene search
+L

22 matches found

Rockylinux
Rockylinux
added 2 days ago6 views

nodejs:24 security, bug fix, and enhancement update

An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.5AI score0.02806EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.8 views

Important: Red Hat Security Advisory: nodejs:22 security, bug fix, and enhancement update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References15
AlmaLinux
AlmaLinux
added 2026/07/06 12:0 a.m.5 views

Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
NVD
NVD
added 2026/06/26 2:16 a.m.13 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS0.00256EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 2:16 a.m.7 views

DEBIAN-CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.1AI score0.00256EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.7 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.6AI score0.00256EPSS
Exploits0
OSV
OSV
added 2026/06/20 6:12 a.m.3 views

BELL-CVE-2026-48928

Bulletin has no description...

5.4CVSS5.8AI score0.00256EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.17 views

SUSE CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.9CVSS6.1AI score0.00256EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-48928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release line...

5.4CVSS6.7AI score0.00256EPSS
Exploits0References4
Circl
Circl
added 2026/06/19 1:45 p.m.9 views

CVE-2026-48928

creationtimestamp| type| source ---|---|--- 2026-06-19 13:45:17+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3moni2fdzi32c 2026-06-21 19:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities20260622 2026-06-26 02:20:01+00:00| seen|...

5.4CVSS6.2AI score0.00256EPSS
Exploits0References3
Circl
Circl
added 2026/02/24 6:1 p.m.9 views

CVE-2024-48928

creationtimestamp| type| source ---|---|--- 2026-02-24 18:01:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfmqqsia7t2z...

7.5CVSS4.8AI score0.0026EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/30 12:53 a.m.16 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

4CVSS7AI score0.00366EPSS
Exploits0References1
Circl
Circl
added 2025/05/28 6:14 p.m.16 views

CVE-2025-48928

creationtimestamp| type| source ---|---|--- 2025-05-28 18:14:10+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114586815688198231 2025-05-28 20:40:20+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lqb2satwaf24 2025-07-01 05:10:42+00:00| exploited|...

4CVSS7.5AI score0.00366EPSS
Exploits0References14
CVE
CVE
added 2025/05/28 12:0 a.m.186 views

CVE-2025-48928

CVE-2025-48928 affects the TeleMessage service (TeleMessage TM SGNL) running a JSP-based application up to 2025-05-05. The issue is that heap content can resemble a core dump, exposing passwords previously sent over HTTP within that dump. Exploitation was observed in the wild in May 2025. Public ...

4CVSS7.2AI score0.00366EPSS
In wildExploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2025/05/28 12:0 a.m.4 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a “core dump” in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value...

4CVSS7.3AI score0.00366EPSS
In wildExploits0References2
Cvelist
Cvelist
added 2025/05/28 12:0 a.m.23 views

CVE-2025-48928

The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...

4CVSS0.00366EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2024/08/22 3:16 p.m.16 views

CVE-2022-48928

In the Linux kernel, the following vulnerability has been resolved: iio: adc: menz188adc: Fix a resource leak in an error handling path If iiodeviceregister fails, a previous ioremap is left unbalanced. Update the error handling path and add the missing iounmap call, as already done in the remove...

5.5CVSS5.8AI score0.0021EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/08/22 3:31 a.m.29 views

CVE-2022-48928

In the Linux kernel, the following vulnerability has been resolved: iio: adc: menz188adc: Fix a resource leak in an error handling path If iiodeviceregister fails, a previous ioremap is left unbalanced. Update the error handling path and add the missing iounmap call, as already done in the remove...

5.5CVSS5.2AI score0.0021EPSS
Exploits0
Circl
Circl
added 2023/12/31 9:46 a.m.7 views

CVE-2023-48928

creationtimestamp| type| source ---|---|--- 2023-12-31 09:46:33+00:00| seen| https://t.me/ctinow/161039...

6.1CVSS6.1AI score0.00456EPSS
Exploits1References1
OSV
OSV
added 2023/12/08 5:15 a.m.4 views

CVE-2023-48928

Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...

6.1CVSS5.7AI score0.00456EPSS
Exploits1References1
Rows per page
Query Builder