MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.19-1.el7, rh-nodejs14-nodejs-14.20.0-2.el7 (AXSA:2022-3813:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3813:02 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

MiracleLinux 8 : krb5-1.18.2-8.el8 (AXSA:2021-1843:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1843:01 advisory. krb5: unbounded recursion via an ASN.1-encoded Kerberos message in lib/krb5/asn.1/asn1encode.c may lead to DoS CVE-2020-28196 Tenable has extracted the...

MiracleLinux 8 : nodejs:14 (AXSA:2022-3839:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3839:01 advisory. nodejs: DNS rebinding in --inspect via invalid IP addresses CVE-2022-32212 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding...

MiracleLinux 9 : libvpx-1.9.0-7.el9.ML.1 (AXSA:2023-6488:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6488:01 advisory. libvpx: Heap buffer overflow in vp8 encoding in libvpx CVE-2023-5217 libvpx: crash related to VP9 encoding in libvpx CVE-2023-44488 Tenable has...

MiracleLinux 8 : container-tools:4.0 (AXSA:2023-5976:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5976:02 advisory. golang: net/http: improper sanitization of Transfer-Encoding header CVE-2022-1705 golang: go/parser: stack exhaustion in all Parse functions...

MiracleLinux 9 : podman-4.9.4-13.el9_4 (AXSA:2024-8900:09)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8900:09 advisory. go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion CVE-2024-34155...

MiracleLinux 7 : glibc-2.17-322.el7 (AXSA:2021-1374:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1374:01 advisory. glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding CVE-2019-25013 glibc: stack corruption fr...

Improper Handling of URL Encoding (Hex Encoding)

Overview @fastify/express is an Express compatibility layer for Fastify Affected versions of this package are vulnerable to Improper Handling of URL Encoding Hex Encoding where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of...

CVE-2026-22037

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVE-2026-23530

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against planar-maxWidth/maxHeight before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash DoS...

CVE-2026-23530 FreeRDP has heap-buffer-overflow in planar_decompress_plane_rle

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0,freerdpbitmapdecompressplanar does not validate nSrcWidth/nSrcHeight against planar-maxWidth/maxHeight before RLE decode. A malicious server can trigger a client‑side heap buffer overflow, causing a crash DoS...

CVE-2026-23530

FreeRDP (freerdp_bitmap_decompress_planar, and related paths in RDP handling) is affected by a client-side heap buffer overflow in versions prior to 3.21.0, triggered by insufficient validation of dimensions before RLE decode and other decode paths, leading to DoS and potential code‑execution ris...

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVE-2026-22037 @fastify/express vulnerable to Improper Handling of URL Encoding (Hex Encoding)

The @fastify/express plugin adds full Express compatibility to Fastify. A security vulnerability exists in @fastify/express prior to version 4.0.3 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While the...

CVE-2026-22031

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

Improper Handling of URL Encoding (Hex Encoding)

Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Improper Handling of URL Encoding Hex Encoding where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. An...

CVE-2026-22031 Fastify Middie Middleware Path Bypass

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

CVE-2026-22031 Fastify Middie Middleware Path Bypass

@fastify/middie is the plugin that adds middleware support on steroids to Fastify. A security vulnerability exists in @fastify/middie prior to version 9.1.0 where middleware registered with a specific path prefix can be bypassed using URL-encoded characters e.g., /%61dmin instead of /admin. While...

Encoding Error

Overview org.apache.linkis:linkis-common is a module that builds a computation middleware layer to facilitate connection, governance and orchestration between the upper applications and the underlying data engines. Affected versions of this package are vulnerable to Encoding Error via the handlin...