Lucene search
K

634 matches found

NVD
NVD
added 5 days ago9 views

CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS0.0037EPSS
Exploits1References5
Cvelist
Cvelist
added 5 days ago26 views

CVE-2026-59880 Immutable.js: Hash-collision algorithmic complexity denial of service in Immutable.Map/Set

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS0.0037EPSS
Exploits1References5
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42315

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6AI score0.0037EPSS
Exploits1References5
CVE
CVE
added 5 days ago10 views

CVE-2026-59880

Immutable.js contains a HashCollision vulnerability in Map/Set keys prior to version 4.3.9 and 5.1.8: an adversary who controls inserted keys can craft many hash collisions in a HashCollisionNode, causing linear scans and CPU exhaustion during insertion and lookup. The issue is fixed in 4.3.9 and...

8.7CVSS6AI score0.0037EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 5 days ago9 views

CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6AI score0.0037EPSS
Exploits1
EUVD
EUVD
added 2026/06/25 9:29 p.m.7 views

EUVD-2026-38380

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 9:29 p.m.5 views

GHSA-Q2H6-GHWM-5QM8 MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

Summary InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. Other hash-based collection formatters use the security-aware comparer when...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:52 p.m.5 views

GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...

6.3CVSS5.6AI score0.00236EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53221

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

9.8CVSS0.00559EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52316

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ip6 vti module where the vti6 tnl lookup function fails to correctly validate tunnels during fallback searches. When an exact tunnel match fails, the system search...

9.8CVSS6AI score0.00559EPSS
Exploits0References17
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

8.8CVSS6AI score0.0009EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-48516

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

7.5CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:9 p.m.4 views

CVE-2026-48516

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 9:9 p.m.21 views

CVE-2026-48516

MessagePack for C# (MessagePack-CSharp) prior to versions 2.5.301 and 3.1.7 constructs InterfaceLookupFormatter with a default Dictionary<TKey,IGrouping> comparer instead of the security-aware comparer from options.Security.GetEqualityComparer(). This can enable a hash-collision CPU denial-...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/22 9:9 p.m.24 views

CVE-2026-48516 MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

6.3CVSS0.00231EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/22 9:9 p.m.6 views

CVE-2026-48516 MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 4:16 p.m.4 views

DEBIAN-CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

6.1CVSS5.9AI score0.0009EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.14 views

CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS0.0009EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:28 p.m.8 views

EUVD-2026-38269

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:28 p.m.80 views

CVE-2026-54266

Angular’s HttpTransferCache uses a weak 32‑bit DJB2‑like hash to generate TransferState cache keys, enabling hash collisions that let attackers overwrite a victim’s cached SSR responses (state poisoning and potential data leakage) by visiting crafted links. This affects Angular versions prior to ...

8.8CVSS5.9AI score0.0009EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder