22 matches found
nodejs:24 security, bug fix, and enhancement update
An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: nodejs:22 security, bug fix, and enhancement update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
CVE-2026-48928
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
DEBIAN-CVE-2026-48928
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-48928
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
BELL-CVE-2026-48928
Bulletin has no description...
SUSE CVE-2026-48928
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
Linux Distros Unpatched Vulnerability : CVE-2026-48928
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release line...
CVE-2026-48928
creationtimestamp| type| source ---|---|--- 2026-06-19 13:45:17+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3moni2fdzi32c 2026-06-21 19:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/node-js-multiple-vulnerabilities20260622 2026-06-26 02:20:01+00:00| seen|...
CVE-2024-48928
creationtimestamp| type| source ---|---|--- 2026-02-24 18:01:34+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfmqqsia7t2z...
CVE-2025-48928
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...
CVE-2025-48928
creationtimestamp| type| source ---|---|--- 2025-05-28 18:14:10+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114586815688198231 2025-05-28 20:40:20+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lqb2satwaf24 2025-07-01 05:10:42+00:00| exploited|...
CVE-2025-48928
CVE-2025-48928 affects the TeleMessage service (TeleMessage TM SGNL) running a JSP-based application up to 2025-05-05. The issue is that heap content can resemble a core dump, exposing passwords previously sent over HTTP within that dump. Exploitation was observed in the wild in May 2025. Public ...
CVE-2025-48928
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a “core dump” in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value...
CVE-2025-48928
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025...
CVE-2022-48928
In the Linux kernel, the following vulnerability has been resolved: iio: adc: menz188adc: Fix a resource leak in an error handling path If iiodeviceregister fails, a previous ioremap is left unbalanced. Update the error handling path and add the missing iounmap call, as already done in the remove...
CVE-2022-48928
In the Linux kernel, the following vulnerability has been resolved: iio: adc: menz188adc: Fix a resource leak in an error handling path If iiodeviceregister fails, a previous ioremap is left unbalanced. Update the error handling path and add the missing iounmap call, as already done in the remove...
CVE-2023-48928
creationtimestamp| type| source ---|---|--- 2023-12-31 09:46:33+00:00| seen| https://t.me/ctinow/161039...
CVE-2023-48928
Franklin Fueling Systems System Sentinel AnyWare SSA version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL...