38 matches found
CVE-2026-7768
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...
CVE-2026-7768

creationtimestamp| type| source
---|---|---
2026-05-04 19:21:22+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3ml2fex7c4s2n
2026-05-04 20:18:21+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3ml2ikvmow326
2026-05-04 22:45:08+00:00| seen|...

CVE-2026-7768
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...
Ubuntu: Security Advisory (USN-7768-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2025-7768
Tigo Energy's Cloud Connect Advanced CCA device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to prototype pollution due to the gRPC package (CVE-2020-7768)
Summary gRPC is used by DataStage on Cloud Pak for Data as part of service communication. Vulnerability Details CVEID:CVE-2020-7768 DESCRIPTION: The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. CWE:CWE-1321:...
CVE-2024-7768
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
amlr (>=0.3.6 <=0.4.1), arsa-ml (>=0.1.0 <=0.1.13) +29 more potentially affected by CVE-2024-7768 via h2o (>=3.18.0.8 <=3.46.0.7)
h2o PYPI version =3.18.0.8, =0.3.6, =0.1.0, =0.0.92, =1.0.81, =2019.9.10.14.39.5, =1.0.1, =0.1.20, =0.1.0, =0.1.2, =0.3.2, =0.3.0, =1.0.1.1.4, =0.4.0.dev3, =0.1.0, =3.0.1, =5.4.1 and more Source cves: CVE-2024-7768 Source advisory: OSV:GHSA-P2VC-M5FV-9W9M...
ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.10), ai.h2o:h2o-algos (>=0.1.9 <=3.46.0.10) +49 more potentially affected by CVE-2024-7768 via ai.h2o:h2o-core (>=0.1.10 <=3.8.3.4)
ai.h2o:h2o-core MAVEN version =0.1.10, =3.34.0.1, =0.1.9, =0.1.9, =3.12.0.1, =3.8.2.4, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.10 and more Source cves: CVE-2024-7768 Source advisory: SNYK:JAVA-AIH2O-9486739...
CVE-2024-7768
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
CVE-2024-7768 Denial of Service in h2oai/h2o-3
A vulnerability in the /3/ImportFiles endpoint of h2oai/h2o-3 version 3.46.1 allows an attacker to cause a denial of service. The endpoint takes a single GET parameter, path, which can be recursively set to reference itself. This leads the server to repeatedly call its own endpoint, eventually...
Mageia: Security Advisory (MGASA-2018-0018)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2017:2235-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Prototype Pollution
Overview "The package grpc before 1.24.4 and the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition." Recommendation Upgrade to version 1.1.8 or later References - CVE - GitHub Advisory...
0.extends.wechat (>=1.0.51 <=1.0.65), 0perator (>=0.1.0 <=0.3.0) +15845 more potentially affected by CVE-2020-7768 via @grpc/grpc-js (>=0.1.0 <=1.1.7)
@grpc/grpc-js NPM version =0.1.0, =1.0.51, =0.1.0, =0.1.0, =5.0.0, =1.0.0, =1.0.1, =1.0.0, =1.1.0, =0.1.1, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =1.2.1 and more Source cves: CVE-2020-7768 Source advisory: OSV:GHSA-PP75-XFPW-37G9...
3architecture (>=1.0.0 <=1.7.0), 4coders-commons (>=0.0.1 <=0.0.2) +3773 more potentially affected by CVE-2020-7768 via grpc (>=0.11.1 <=1.24.3)
grpc NPM version =0.11.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =1.6.0, =1.0.1, =0.0.2, =4.1.6-22, =0.0.1, =0.0.2 and more Source cves: CVE-2020-7768 Source advisory: OSV:GHSA-PP75-XFPW-37G9...
Photon OS 3.0: Grpc PHSA-2020-3.0-0176
An update of the grpc package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0176. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(144218);...
Security Bulletin: App Connect Enterprise Certified Container is vulnerable to code injection and Denial of Service attacks
Summary App Connect Enterprise Certified Container Integration Servers and Designers are vulnerable to code injection and Denial of Service attacks due to CVE-2020-7766 and CVE-2020-7768 Vulnerability Details CVEID: CVE-2020-7768 DESCRIPTION: Node.js grpc module is vulnerable to a denial of...
CVE-2020-7768
CVE-2020-7768 affects gRPC in Node.js: the package grpc prior to 1.24.4 and @grpc/grpc-js prior to 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. Impact details in sources describe a pollution path that could alter object prototypes, enabling unauthorized modification of o...
3architecture (>=1.0.0 <=1.7.0), 4coders-commons (>=0.0.1 <=0.0.2) +3711 more potentially affected by CVE-2020-7768 via grpc (>=1.0.0 <=1.24.3)
grpc NPM version =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.1.0, =1.0.24, =0.0.1, =1.6.0, =1.0.1, =0.0.2, =4.1.6-22, =0.0.1, =0.0.2 and more Source cves: CVE-2020-7768 Source advisory: SNYK:JS-GRPC-598671...