Lucene search
K

1923 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-MIN-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 2:16 a.m.3 views

ALPINE-CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

6.5CVSS7.1AI score0.00674EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39610

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 1:14 a.m.199 views

CVE-2026-48618

CVE-2026-48618 is a Node.js TLS hostname handling issue involving unicode dot separator handling that can bypass wildcard-depth authentication due to resolver/verifier hostname normalization mismatches. Connected updates confirm the vulnerability affects Node.js 22, 24, and 26 across releases. SU...

7.7CVSS6.7AI score0.00674EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in grub2

A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the process that closes files improperly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause th...

4.9CVSS5.4AI score0.0013EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/23 3:36 a.m.11 views

CVE-2026-55655

A flaw was found in OpenSSH. A local unprivileged attacker on a Linux client host can hijack client-side X11 forwarding connections. This is possible by pre-binding the preferred abstract X socket name when X11 forwarding is enabled and a local UNIX-domain X socket is used. A successful attack ca...

6.1CVSS5.7AI score0.0009EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel. A use-after-free occurred in the way the console subsystem utilized ioctls KDGKBSENT and KDSKBSENT. A local user could exploit this flaw to gain access to memory beyond its intended scope. The most significant threat posed by this vulnerability is to dat...

4.1CVSS6.7AI score0.00434EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:21 p.m.7 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/18 4:21 p.m.11 views

EUVD-2026-37914

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 4:21 p.m.66 views

CVE-2026-48617

CVE-2026-48617 describes a flaw in Node.js permission model enforcement that allows bypass via path misvalidation in process.report.writeReport(), potentially affecting confidentiality and integrity under affected configurations. Affected: all supported Node.js release lines (22, 24, 26). Impact ...

1.8CVSS4.9AI score0.00208EPSS
Exploits0References2
Redos
Redos
added 2026/06/15 12:0 a.m.7 views

ROS-20260615-73-0036

The vulnerability of the RDP client FreeRDP relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of protected information...

8.1CVSS5AI score0.00191EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.11 views

CVE-2026-41979

Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality...

5.5CVSS5.4AI score0.00075EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 3:50 a.m.11 views

EUVD-2026-35329

Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality...

5.5CVSS5.4AI score0.00075EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-29937

An out of bounds read within the AMD Platform Management Framework PMF could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality...

5.8CVSS5.6AI score0.00104EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-0044

An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability...

4.8CVSS5.5AI score0.00099EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.12 views

CVE-2025-62619

Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidentiality...

6.3CVSS5.5AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.10 views

CVE-2026-40827

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non critical table. This can resu...

7CVSS5.8AI score0.00295EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40811

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.8AI score0.0032EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.8 views

CVE-2024-21950

An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability...

1.8CVSS5.5AI score0.00095EPSS
Exploits0References1
Rosalinux
Rosalinux
added 2026/06/01 8:41 a.m.15 views

Advisory ROSA-SA-2026-3298

Software: wget 1.21.3 Operating System: ROSA-CHROME Unaffected versions: = wget-1.21.3-2 Affected versions: wget-1.21.3-2 CVE-ID: CVE-2024-38428 BDU-ID: 2024-04683 CVE-Crit: Medium CVE-DESCRIPTION: The vulnerability in the userinfo URI of the GNU Wget download manager is related to insecure...

9.1CVSS5.8AI score0.00672EPSS
Exploits0
Rows per page
Query Builder