Lucene search
K

1159 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.9 views

Fedora 44 : cpp-httplib (2026-1b15ac058b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1b15ac058b advisory. Update to 0.48.0 rhbz2481109 Security fixes - Complete the IP-host certificate identity fix from v0.47.0 for the Mbed TLS and wolfSSL backends. An...

9.9CVSS6.1AI score0.00327EPSS
Exploits4References6
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.5 views

Fedora 43 : cpp-httplib (2026-1d4bd0354a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-1d4bd0354a advisory. Update to 0.48.0 rhbz2481109 Security fixes - Complete the IP-host certificate identity fix from v0.47.0 for the Mbed TLS and wolfSSL backends. An...

9.9CVSS6.1AI score0.00327EPSS
Exploits5References7
OSV
OSV
added 2026/07/01 6:16 p.m.3 views

GHSA-PVRJ-8CG3-J5F8 auth-fetch-mcp has SSRF Protection Bypass via IPv4-mapped IPv6 Loopback

SSRF Protection Bypass via IPv4-mapped IPv6 Loopback Summary auth-fetch-mcp v3.0.1 implements SSRF protection in assertSafeUrl src/security.ts to block requests to private and loopback addresses. However, the isPrivateV6 function fails to detect IPv4-mapped IPv6 loopback addresses in their...

7.4CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/06/26 10:21 p.m.10 views

EUVD-2026-38060

js-toml vulnerable to CPU exhaustion via On^2 BigInt construction on radix-prefixed integer literals...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References4
OSV
OSV
added 2026/06/26 10:21 p.m.3 views

GHSA-WP3C-266W-4QFQ js-toml vulnerable to CPU exhaustion via O(n^2) BigInt construction on radix-prefixed integer literals

Summary js-toml versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration performs a BigInt BigInt operation on an accumulator that grows linearl...

7.5CVSS6AI score0.00415EPSS
Exploits1References5
NVD
NVD
added 2026/06/24 5:17 p.m.10 views

CVE-2026-52972

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

7CVSS0.0014EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: Do not dump the entire memory region. The current logic in cperprintfwerr does not check whether the length of the error record is sufficient to handle the offset. In a faulty firmware, if the offset is greater than the...

5.5CVSS6AI score0.00123EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/23 2:12 p.m.9 views

Malicious code in @outmarket/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2cd90f0d706cda01a5740f120f6e8d22ae57d907a5000854439c201b3c53a8c0 package.json declares a postinstall lifecycle script that fires automatically on npm install. The inline node -e payload uses hex-encoded property...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/23 12:59 p.m.9 views

JLSEC-2026-618 HTTP/1 request smuggling via bare-LF, lenient chunk size, and TE/CL handling in HTTP.jl server

Description The HTTP/1 server request parser had three framing primitives that could make HTTP.jl disagree with a fronting proxy about message boundaries on a reused keep-alive connection. 1 readlinecrlf tolerated a bare LF on its buffered fast path but required CRLF on the slow path, so the...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/06/19 7:16 p.m.17 views

CVE-2026-49293

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

7.5CVSS0.00415EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 6:14 p.m.4 views

CVE-2026-49293

js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written parseBigInt loop that multiplies a BigInt accumulator by the radix once per input digit. Each iteration...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51007

Name of the Vulnerable Software and Affected Versions js-toml versions prior to 1.1.1 Description The software contains a quadratic time complexity issue during the parsing of hexadecimal, octal, and binary integer literals. This occurs because the parseBigInt function uses a loop that performs a...

7.5CVSS5.8AI score0.00415EPSS
Exploits1References13
OSV
OSV
added 2026/06/18 10:28 p.m.9 views

MAL-2026-6141 Malicious code in clx-cookie-signature (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9e0e91601d276764067b1b209efd17a1f59ef03ff4fc814bcb22c495f4a0f9b3 Package impersonates the popular cookie-signature library copying its README, author field 'TJ Holowaychuk ', and sign/unsign API, but index.js adds ...

6AI score
Exploits0References2
OSV
OSV
added 2026/06/17 4:42 p.m.6 views

EEF-CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark

Summary Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':\make\att1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal...

4.8CVSS5.1AI score0.00133EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/13 3:3 a.m.16 views

Malicious code in vite-config-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...

5.5AI score
Exploits0References1
OSV
OSV
added 2026/06/13 3:3 a.m.13 views

MAL-2026-5727 Malicious code in vite-config-optimizer (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f824c077d7d2705d17dc29eba9a24ea8b51b93785bcf83fdfe639fc8f9bc581f package.json declares a postinstall hook node -e "require'./loader.js'" that auto-executes on every npm install. loader.js spawns a detached child No...

5.6AI score
Exploits0References1
OSV
OSV
added 2026/06/11 4:55 p.m.8 views

MGASA-2026-0196 Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

7.5CVSS5.4AI score0.00576EPSS
Exploits0References3
Mageia
Mageia
added 2026/06/11 4:55 p.m.12 views

Updated erlang-hex_core & erlang-rebar3 packages fix security vulnerability

Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hexcore hexapi modules, hexpm hex mixhexapi modules, erlang rebar3 r3hexapi modules allows Object Injection, Excessive Allocation. This vulnerability is associated with program files src/hexapi.erl,...

7.5CVSS5.4AI score0.00576EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 1:57 p.m.8 views

Malicious Package

Overview hex-type is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 5:6 a.m.17 views

Malicious code in webpack-cache-cycle (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 82fa37e2478a7109e376e3a062ccb203806511033930eb7390e45fe7ef404b81 On npm install, package.json's postinstall hook runs node -e "require'./loader.js'". loader.js spawns a detached node process that decodes a...

5.5AI score
Exploits0References1
Rows per page
Query Builder