Lucene search
K

68 matches found

OSV
OSV
added yesterday4 views

RLSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.0251EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2 days ago10 views

Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6AI score0.0251EPSS
Exploits1References15
OSV
OSV
added 2026/06/30 9:6 a.m.2 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.0251EPSS
Exploits3References39
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.7 views

SUSE SLES15 Security Update : nodejs22 (SUSE-SU-2026:2647-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2647-1 advisory. This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on...

9.8CVSS6.8AI score0.0251EPSS
Exploits3References58
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

6.5CVSS6.8AI score0.00605EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.9 views

SUSE CVE-2026-11525

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS5.9AI score0.00248EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/17 5:31 p.m.46 views

CVE-2026-11525 undici vulnerable to Set-Cookie SameSite attribute downgrade via permissive substring matching

Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...

3.7CVSS0.00248EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50499

Name of the Vulnerable Software and Affected Versions undici versions 5.15.0 through 6.25.x undici versions 7.0.0 through 7.27.x undici versions 8.0.0 through 8.4.x Description When parsing a Set-Cookie header, the software accepts any SameSite attribute value containing Strict, Lax, or None as a...

3.7CVSS5.3AI score0.00248EPSS
Exploits0References117
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement regarding cookies in Google Chrome prior to version 91.0.4472.77 allowed a remote attacker to bypass cookie policies through a crafted HTML page...

4.3CVSS6.6AI score0.01143EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/14 11:18 p.m.8 views

WWBN AVideo has CORS Origin Reflection with Credentials on Sensitive API Endpoints Enables Cross-Origin Account Takeover

Summary The allowOrigin$allowAll=true function in objects/functions.php reflects any arbitrary Origin header back in Access-Control-Allow-Origin along with Access-Control-Allow-Credentials: true. This function is called by both plugin/API/get.json.php and plugin/API/set.json.php — the primary API...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:15 p.m.2 views

GHSA-4WWR-7H7C-CHQR AVideo's CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

Summary AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit SameSite=None cookie policy, an attacker can forge cross-origin...

8.1CVSS6.1AI score0.00233EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/31 8:39 p.m.9 views

EUVD-2026-17630

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

8.1CVSS6AI score0.00233EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/31 8:39 p.m.5 views

CVE-2026-34394 AVideo: CSRF on Admin Plugin Configuration Enables Payment Credential Hijacking

WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint admin/save.json.php lacks any CSRF token validation. There is no call to isGlobalTokenValid or verifyToken before processing the request. Combined with the application's explicit...

8.1CVSS6AI score0.00233EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.3 views

WordPress plugin WP Cookie Consent 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.6AI score0.00227EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-10082

Malware in sbrugna...

6.5CVSS7.9AI score0.0255EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-5161

Malware in sbrugna...

6.5CVSS7.9AI score0.01426EPSS
Exploits0References14
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-17458

Malware in sbrugna...

4.3CVSS7AI score0.01143EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-5941

Malicious code in bioql PyPI...

6.8CVSS6.5AI score0.00323EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/02 5:19 p.m.9 views

CVE-2025-24318

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise...

6.8CVSS6.8AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2025/02/28 5:15 p.m.10 views

CVE-2025-24318

Cookie policy is observable via built-in browser tools. In the presence of XSS, this could lead to full session compromise...

6.8CVSS0.00323EPSS
Exploits0References2
Rows per page
Query Builder