Lucene search
K

606 matches found

OSV
OSV
added 2026/01/26 2:47 p.m.8 views

BIT-NODE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS6.1AI score0.03493EPSS
Exploits0References21
OSV
OSV
added 2026/01/20 9:16 p.m.8 views

AZL-74979 CVE-2025-55131 affecting package nodejs for versions less than 20.14.0-13

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS7.4AI score0.03493EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 9:16 p.m.7 views

AZL-74967 CVE-2025-55131 affecting package nodejs18 for versions less than 18.20.3-11

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS7.4AI score0.03493EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 9:16 p.m.7 views

ALPINE-CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS5.9AI score0.03493EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 9:16 p.m.12 views

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS0.03493EPSS
Exploits0References20
OSV
OSV
added 2026/01/20 9:16 p.m.48 views

UBUNTU-CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS7.3AI score0.03493EPSS
Exploits0References3
CVE
CVE
added 2026/01/20 8:41 p.m.35 views

CVE-2025-55131

CVE-2025-55131 relates to Node.js buffer allocation in the vm module with timeout, which can expose uninitialized memory in buffers (Buffer.alloc and Uint8Array) under specific timing. Connected advisories confirm the issue affects multiple Node.js packages across distributions (examples: nodejs1...

7.1CVSS5.8AI score0.03493EPSS
Exploits0References20
Cvelist
Cvelist
added 2026/01/20 8:41 p.m.30 views

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS0.03493EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/20 8:41 p.m.7 views

CVE-2025-55131

A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the vm module with the timeout option. Under specific timing conditions, buffers allocated with Buffer.alloc and other TypedArray instances like Uint8Array may contain leftover...

7.1CVSS5.8AI score0.03493EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 1:15 a.m.4 views

CVE-2026-22770

ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions prior to 7.1.2-13, the last element in the set is not properly initialized. This will...

9.8CVSS0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.12 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, stemming from defects in buffer allocation logic. These vulnerabilities may lead to uninitialized memory leaks, resulting in the disclosure o...

7.1CVSS7.2AI score0.03493EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/01/17 12:26 a.m.7 views

SUSE CVE-2025-68784

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchksetupxattrbuf function can allocate a new value buffer, which means that any reference to ab-value before the call could become a dangling pointer. Fix this by moving an assignment t...

4.7CVSS6.4AI score0.00166EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/15 2:26 a.m.6 views

CVE-2025-68784

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchksetupxattrbuf function can allocate a new value buffer, which means that any reference to ab-value before the call could become a dangling pointer. Fix this by moving an assignment t...

5.5CVSS6AI score0.00166EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-24125

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-16 ImageMagick versions prior to 6.9.13-41 Description ImageMagick is software used for editing and manipulating digital images. A heap-buffer-overflow issue exists in the PCL encode functionality due to an...

6.8CVSS6AI score0.00141EPSS
Exploits0References106
NVD
NVD
added 2025/12/31 7:15 a.m.6 views

CVE-2025-15278

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS0.00263EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/31 6:59 a.m.31 views

CVE-2025-15278 FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS0.00263EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/12/31 12:28 a.m.12 views

SUSE CVE-2023-54214

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...

5.8CVSS6.6AI score0.00177EPSS
Exploits0References8
EUVD
EUVD
added 2025/12/30 3:30 p.m.4 views

EUVD-2023-60427

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...

6.1AI score0.00177EPSS
Exploits0References9
NVD
NVD
added 2025/12/30 1:16 p.m.5 views

CVE-2023-54214

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...

0.00177EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2025/12/30 1:16 p.m.9 views

CVE-2023-54214

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix potential user-after-free This fixes all instances of which requires to allocate a buffer calling allocskb which may release the chan lock and reacquire later which makes it possible that the chan is...

6AI score0.00177EPSS
Exploits0References10
Rows per page
Query Builder