Lucene search
K

699 matches found

Snyk
Snyk
added 6 days ago4 views

Uncaught Exception

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Uncaught Exception in the WebSocket listener routing, which dispatches requests for the...

8.2CVSS6.1AI score0.00593EPSS
Exploits0References2
NVD
NVD
added 6 days ago10 views

CVE-2026-59875

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS0.00291EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-59875 node-tar: Uncaught Exception DoS via NUL byte in PAX path/linkpath records

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS0.00291EPSS
Exploits0References3
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-59875

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.17, node-tar does not strip NUL bytes from PAX path and linkpath records in src/pax.ts, allowing a crafted archive with values to reach fs.lstat or fs.open and terminate the process with an uncaught exception. This issue is...

5.3CVSS5.9AI score0.00291EPSS
Exploits0
EUVD
EUVD
added 2026/07/07 3:49 a.m.6 views

EUVD-2026-42002

Uncaught Exception CWE-248 in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated and authorized operator to trigger a Controller restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior t...

2.7CVSS6AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/07/07 3:49 a.m.16 views

CVE-2026-27790

CVE-2026-27790 affects the T20 Readers integration within Command Centre. An uncaught exception (CWE-248) in the system allows an authenticated and authorized operator to trigger a restart by sending specific requests, causing a temporary denial of service. Affected versions include: 9.50 prior t...

2.7CVSS6AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 3:49 a.m.5 views

EUVD-2026-42001

Uncaught Exception CWE-248 in the T20 Readers allows an authenticated and authorized operator to trigger a restart by sending specific requests, resulting in a temporary denial of service. Version of Command Centre affected: 9.50 prior to vCR9.50.260616a distributed in 9.50.1587MR1 9.40 prior to...

2.7CVSS6AI score0.00227EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 7:21 a.m.6 views

MAL-2026-6457 Malicious code in subsearch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 04245cd013e6aa9edb766cf14249c9dd6abd19d6beb9671c22a1a8bbbff3d511 The package's main entry index.js is the only file of substance and is wrapped in obfuscator.io string-array + RC4 obfuscation that hides every liter...

6AI score
Exploits0References3
NVD
NVD
added 2026/06/24 9:16 p.m.7 views

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS0.00263EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:50 p.m.5 views

CVE-2026-50129

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-52083

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.11 Mastodon versions prior to 4.4.18 Mastodon versions prior to 4.3.24 Description A Denial of Service DoS can be triggered due to missing exception handling in the math sanitizer. Malformed nodes can cause a DoS...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References7
OSV
OSV
added 2026/06/23 1:27 p.m.2 views

SUSE-SU-2026:2584-1 Security update for exiv2

This update for exiv2 fixes the following issues - CVE-2021-34334: DoS due to integer overflow in loop counter bsc1189338. - CVE-2026-25884: out-of-bounds read in CrwMap: decode0x0805 bsc1259083. - CVE-2026-27596: integer overflow in LoaderNative: getData leads to out-of-bounds read bsc1259084. -...

8.1CVSS6.6AI score0.01104EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.6 views

Carrier Corporation i-VU Improper Validation of Array Index (CVE-2025-0657)

CWE-129 Improper Validation of Array Index vulnerability exists in Automated Logic WebCTRL and Carrier i-Vu Building Automation System products. Software uses an array index that has not been properly validated to ensure it falls within valid array bounds. This can result in out-of-bounds access,...

8.8CVSS5.7AI score0.00291EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:0 a.m.8 views

CVE-2026-12644

Versions of the package ts-deepmerge before 8.0.0 are vulnerable to Uncaught Exception due to the improper handling of built-in Object.prototype methods such as toString, valueOf. When user-controlled input contains these keys with non-function values, the resulting merged object becomes broken —...

6.9CVSS5.9AI score0.00308EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.19 views

PT-2026-50839

Name of the Vulnerable Software and Affected Versions ts-deepmerge versions prior to 8.0.0 Description An uncaught exception occurs due to improper handling of built-in Object.prototype methods, such as toString and valueOf. When user-controlled input contains these keys with non-function values,...

6.9CVSS5.8AI score0.00308EPSS
Exploits0References12
Snyk
Snyk
added 2026/06/11 1:27 p.m.8 views

Uncaught Exception

Overview @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Uncaught Exception via the handling of invalid incoming HTTP/2 stream initiation. An attacker can cause the server process to crash by sending a specially crafted malformed request. Remediation...

8.7CVSS5.4AI score0.00052EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 1:27 p.m.10 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception through the link validation. An attacker can cause the application to crash or become unresponsive by submitting deeply nested input that triggers an unhandled RangeError exception. This is only exploitable if input...

6.9CVSS5.3AI score0.00039EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/11 1:27 p.m.7 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception through the link validation. An attacker can cause the application to crash or become unresponsive by submitting deeply nested input that triggers an unhandled RangeError exception. This is only exploitable if input...

6.9CVSS5.3AI score0.00039EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 11:1 p.m.34 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS0.00301EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 11:1 p.m.7 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS5.6AI score0.00301EPSS
Exploits0References3
Rows per page
Query Builder