Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CBLMariner
CBLMarineradded 2026/04/14 12:55 a.m.4 views

CVE-2026-21713 affecting package nodejs24 for versions less than 24.14.1-1

CVE-2026-21713 affecting package nodejs24 for versions less than 24.14.1-1. An upgraded version of the package is available that resolves this issue...

5.9CVSS5.8AI score0.00385EPSS
Exploits0
OSV
OSVadded 2026/04/13 3:54 p.m.3 views

SUSE-SU-2026:1299-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: - Update to 24.14.1 - CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. - CVE-2026-21710: uncaught TypeError exception can cause a...

7.5CVSS6.2AI score0.13066EPSS
Exploits0References19
Tenable Nessus
Tenable Nessusadded 2026/04/11 12:0 a.m.2 views

Photon OS 4.0: Nodejs PHSA-2026-4.0-0995

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0995. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS7AI score0.13066EPSS
Exploits0References8
Microsoft CVE
Microsoft CVEadded 2026/04/01 8:19 a.m.7 views

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values. Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.

...

5.9CVSS6.7AI score0.00385EPSS
Exploits0
NVD
NVDadded 2026/03/30 8:16 p.m.3 views

CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

5.9CVSS0.00385EPSS
Exploits0References1
SUSE CVE
SUSE CVEadded 2026/03/25 4:58 p.m.3 views

SUSE CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

5.6CVSS6.5AI score0.00385EPSS
Exploits0References13
Tenable Nessus
Tenable Nessusadded 2026/03/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-21713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information...

5.9CVSS6.8AI score0.00385EPSS
Exploits0References3
Rows per page
Query Builder