Lucene search
K

157 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames

A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service...

7.5CVSS6.7AI score0.00656EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.5 views

nodejs: Node.js: Certification validation bypass in TLS host verification

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

4.3CVSS6.3AI score0.00258EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS0.00674EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/06/25 4:17 p.m.8 views

K000161911: Node.js vulnerability CVE-2026-48936

Security Advisory Description A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26. CVE-2026-48936 Impact There is no impact; F5 products are not...

3.3CVSS6AI score0.00154EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Node.js

A flaw in Node.js’s buffer allocation logic can expose uninitialized memory when allocations are interrupted, especially when using the vm module with the timeout option. Under certain timing conditions, buffers allocated using Buffer.alloc and other TypedArray instances like Uint8Array may conta...

7.1CVSS7.6AI score0.03493EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 6:59 p.m.4 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS5.9AI score0.00371EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability...

3.3CVSS6.7AI score0.00154EPSS
Exploits0References4
CBLMariner
CBLMariner
added 2026/06/05 12:59 p.m.10 views

CVE-2026-0899 affecting package nodejs for versions less than 24.14.1-3

CVE-2026-0899 affecting package nodejs for versions less than 24.14.1-3. An upgraded version of the package is available that resolves this issue...

8.8CVSS7.5AI score0.00382EPSS
Exploits0
Hacker One
Hacker One
added 2026/06/04 1:45 a.m.32 views

Node.js: Incomplete Fix for CVE-2026-21637: OCSPRequest and resumeSession Events Crash Node.js TLS Server via Unhandled Synchronous Exceptions

Summary The March 2026 security release patched CVE-2026-21637 by wrapping SNICallback, ALPNCallback, and pskCallback invocations in try/catch blocks inside lib/internal/tls/wrap.js. That fix is present in v26.3.0. However, two other TLS callback paths in the same file were left unprotected: 1...

7.5CVSS6.1AI score0.01056EPSS
Exploits0
F5 Networks
F5 Networks
added 2026/05/14 12:39 a.m.23 views

K000161266: Node.js vulnerability CVE-2025-23166

Security Advisory Description The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism...

7.5CVSS7.3AI score0.00763EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.10 views

RHCOS 3 : OpenShift Container Platform 3.11 (RHSA-2018:3537)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3537 advisory. - kibana: Cross-site scripting via the source field formatter CVE-2018-3830 - nodejs: Out of bounds OOB write via UCS-2 encoding...

9.8CVSS7.3AI score0.86978EPSS
Exploits10References45
Redos
Redos
added 2026/04/17 12:0 a.m.5 views

ROS-20260417-73-0033

A vulnerability in the pskCallback and ALPNCallback functions of the Node.js software platform is related to incorrect resource sweep or release. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS7AI score0.01056EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.9 views

AlmaLinux 8 : nodejs:24 (ALSA-2026:7670)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7670 advisory. nodejs: Nodejs denial of service CVE-2026-21637 minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 undici: Undici:...

9.8CVSS5.9AI score0.26356EPSS
Exploits1References19
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.8 views

RHEL 8 : nodejs:20 (RHSA-2026:8339)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:8339 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.7CVSS6.8AI score0.26356EPSS
Exploits2References11
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.16 views

Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing

A flaw was found in Node.js. This vulnerability allows an attacker to cause a Denial of Service DoS by providing a malformed Internationalized Domain Name IDN to the url.format function. When processed, this malformed input triggers an internal error, causing the Node.js application to crash. Thi...

5.7CVSS6.4AI score0.00325EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.10 views

Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...

3.3CVSS6.1AI score0.00158EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.8 views

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

7.5CVSS7.2AI score0.26356EPSS
Exploits0References5
Amazon
Amazon
added 2026/04/13 12:0 a.m.6 views

Important: nodejs24

Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called ...

7.5CVSS7.2AI score0.26356EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.12 views

RockyLinux 9 : nodejs:20 (RLSA-2026:7896)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7896 advisory. minimatch: minimatch: Denial of Service via specially crafted glob patterns CVE-2026-26996 minimatch: Minimatch: Denial of Service via catastrophic...

8.7CVSS7AI score0.26356EPSS
Exploits2References9
Chainguard
Chainguard
added 2026/04/11 2:19 a.m.4 views

GHSA-6R7G-3MM3-FHW7 vulnerabilities

Vulnerabilities for packages: nodejs...

5.8AI score
Exploits0
Rows per page
Query Builder