Lucene search
K

142 matches found

SUSE CVE
SUSE CVE
added 2026/06/30 1:49 a.m.7 views

SUSE CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.2CVSS5.8AI score0.00274EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 5:24 p.m.10 views

CVE-2026-13676

A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode Internationalized Domain Name - IDN hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when...

7.5CVSS5.7AI score0.00274EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 1:22 p.m.16 views

CVE-2026-13676

The CVE concerns the fast-uri library (versions 2.3.1–3.1.2 and 4.0.0) where the IDN host canonicalization path fails to normalize Unicode hosts for HTTP URLs. A helper used in IDN conversion does not exist on the global URL constructor, leaving the host in Unicode form while normalize() and equa...

7.5CVSS5.8AI score0.00274EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name...

4.3CVSS6.1AI score0.00724EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/12 12:0 a.m.13 views

Important: docker

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
EUVD
EUVD
added 2026/05/22 3:1 p.m.11 views

EUVD-2026-31449

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

10CVSS5.8AI score0.00478EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.8 views

AlmaLinux 10 : nodejs24 (ALSA-2026:7675)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7675 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

9.8CVSS7AI score0.26356EPSS
Exploits1References20
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.1 views

Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing

A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a malformed Internationalized Domain Name IDN to the url.format function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. Thi...

5.7CVSS6.4AI score0.00325EPSS
Exploits0References6
Amazon
Amazon
added 2026/04/13 12:0 a.m.5 views

Important: nodejs24

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.2AI score0.26356EPSS
Exploits1
OSV
OSV
added 2026/04/13 12:0 a.m.9 views

ALSA-2026:7670 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici:...

9.8CVSS5.8AI score0.26356EPSS
Exploits1References36
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.5 views

RHEL 10 : nodejs24 (RHSA-2026:7675)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7675 advisory. Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an...

9.8CVSS6.7AI score0.26356EPSS
Exploits1References38
OSV
OSV
added 2026/04/10 12:4 a.m.10 views

RLSA-2026:7350 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion...

7.5CVSS6.5AI score0.26356EPSS
Exploits1References19
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.5 views

Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing

A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a malformed Internationalized Domain Name IDN to the url.format function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. Thi...

5.7CVSS6.5AI score0.00325EPSS
Exploits0References6
Hacker One
Hacker One
added 2026/04/05 6:17 a.m.17 views

curl: no_proxy IDN mismatch: Unicode hostnames bypass proxy exclusion list

Summary Unicode IDN hostnames in noproxy are never converted to punycode before comparison, so they never match the request hostname which curl has already converted to punycode. A user who types noproxy="bücher.de" and requests http://bücher.de/ expects the proxy to be bypassed. Instead curl...

7.5CVSS6.6AI score0.1654EPSS
Exploits1
EUVD
EUVD
added 2026/03/30 6:31 p.m.5 views

EUVD-2026-17093

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS6.2AI score0.00325EPSS
Exploits0References3
NVD
NVD
added 2026/03/30 4:16 p.m.5 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS0.00325EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 4:16 p.m.6 views

ALPINE-CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS6.2AI score0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/30 3:13 p.m.31 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS0.00325EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/30 3:13 p.m.3 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS6.4AI score0.00325EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.5 views

Siemens SCALANCE and RUGGEDCOM Buffer Over-read (CVE-2024-6874)

libcurl's URL API function curlurlget offers punycode conversions, to and from IDN. Asking to convert a name that is exactly 256 bytes, libcurl ends up reading outside of a stack based buffer when built to use the macidn IDN backend. The conversion function then fills up the provided buffer exact...

4.3CVSS6.7AI score0.00786EPSS
Exploits1References4
Rows per page
Query Builder