Lucene search
+L

67 matches found

redhatcve
redhatcve
added 2026/06/15 8:35 a.m.13 views

CVE-2026-12216

A flaw was found in Duktape. A local attacker can exploit this vulnerability by manipulating the countinstr argument in dukapibytecode.c, leading to memory corruption. This could result in a denial of service or other impacts due to compromised memory integrity. Mitigation Mitigation for this iss...

5.3CVSS5.1AI score0.00112EPSS
Exploits0References8
nvd
nvd
added 2026/06/15 4:16 a.m.35 views

CVE-2026-12216

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS0.00112EPSS
Exploits0References5
osv
osv
added 2026/06/15 4:16 a.m.7 views

DEBIAN-CVE-2026-12216

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

4.8CVSS5.2AI score0.00112EPSS
Exploits0References1
osv
osv
added 2026/06/15 4:16 a.m.8 views

UBUNTU-CVE-2026-12216

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS5.3AI score0.00112EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/15 3:45 a.m.9 views

CVE-2026-12216 svaarala duktape duk_api_bytecode.c memory corruption

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS5.5AI score0.00112EPSS
Exploits0References5
euvd
euvd
added 2026/06/15 3:45 a.m.14 views

EUVD-2026-36689

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS5.6AI score0.00112EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/15 3:45 a.m.41 views

CVE-2026-12216 svaarala duktape duk_api_bytecode.c memory corruption

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a manipulation of the argument countinstr can lead to memory corruption. The attack requires local access. The exploit has been made available to th...

5.3CVSS0.00112EPSS
Exploits0References5
cve
cve
added 2026/06/15 3:45 a.m.145 views

CVE-2026-12216

The CVE-2026-12216 entry concerns svaarala duktape up to 2.99.99. The vulnerability occurs in duk_api_bytecode.c and is triggered by manipulating the argument count_instr, leading to memory corruption. Exploitation requires local access, and a public exploit/public disclosure has been made. No re...

5.3CVSS5.6AI score0.00112EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.17 views

PT-2026-49177

A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file duk api bytecode.c. Executing a manipulation of the argument count instr can lead to memory corruption. The attack requires local access. The exploit has been made available to...

5.3CVSS5.5AI score0.00112EPSS
Exploits0References6
nessus
nessus
added 2026/06/15 12:0 a.m.33 views

Linux Distros Unpatched Vulnerability : CVE-2026-12216

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in svaarala duktape up to 2.99.99. This issue affects some unknown processing of the file dukapibytecode.c. Executing a...

5.3CVSS6AI score0.00112EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Zabbix

Duktape is a third-party embeddable JavaScript engine, focusing on portability and minimal footprint. When adding too many values in the valstack, JavaScript can crash. This issue arises due to a bug in Duktape 2.6, which is a third-party solution that we use...

7.5CVSS7.2AI score0.00758EPSS
Exploits0References2
veracode
veracode
added 2026/05/15 9:28 p.m.49 views

Information Disclosure

Zabbix is vulnerable to an information disclosure. The vulnerability is due to the reuse of JavaScript Duktape contexts in Zabbix Server/Proxy, which allows a regular non-super administrator to leak sensitive data from hosts they are not authorized to access through shared global JavaScript...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3Affected Software1
nessus
nessus
added 2026/04/02 12:0 a.m.10 views

Zabbix 6.0.x < 6.0.41 / 7.0.x < 7.0.19 / 7.2.x < 7.2.13 / 7.4.x < 7.4.3 Information Disclosure (ZBX-27638)

The version of Zabbix Server installed on the remote host is prior to 6.0.41, 7.0.19, 7.2.13, 7.4.3. It is, therefore, affected by an information disclosure vulnerability : - Zabbix Server/Proxy reuses JavaScript Duktape contexts for performance reasons. This can lead to confidentiality loss wher...

7.1CVSS6AI score0.00154EPSS
Exploits0References2
nessus
nessus
added 2026/03/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23919

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/03/24 8:26 p.m.6 views

CVE-2026-23919

A flaw was found in Zabbix Server and Proxy. This vulnerability arises from the system's reuse of JavaScript Duktape contexts, which are execution environments for JavaScript code. A regular Zabbix administrator, even without superuser privileges, can exploit this to access and leak sensitive dat...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References2
osv
osv
added 2026/03/24 7:16 p.m.2 views

DEBIAN-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.3AI score0.00154EPSS
Exploits0References1
osv
osv
added 2026/03/24 7:16 p.m.38 views

UBUNTU-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2026/03/24 7:16 p.m.4 views

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.9AI score0.00154EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/03/24 6:26 p.m.6 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References1
debiancve
debiancve
added 2026/03/24 6:26 p.m.5 views

CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.3AI score0.00154EPSS
Exploits0
Rows per page
Query Builder