Lucene search
K

847 matches found

OSV
OSV
added yesterday10 views

ROOT-APP-NPM-CVE-2026-1527 CVE-2026-1527 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1527 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

4.6CVSS5.9AI score0.00256EPSS
Exploits0
OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2026-22036 CVE-2026-22036 in @rootio/undici - Patched by Root

Root has patched CVE-2026-22036 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

5.9CVSS5.9AI score0.00433EPSS
Exploits0
OSV
OSV
added yesterday19 views

ROOT-APP-NPM-CVE-2026-1526 CVE-2026-1526 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1526 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.0115EPSS
Exploits0
OSV
OSV
added yesterday11 views

ROOT-APP-NPM-CVE-2026-1525 CVE-2026-1525 in @rootio/undici - Patched by Root

Root has patched CVE-2026-1525 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

6.5CVSS5.9AI score0.00493EPSS
Exploits0
OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2025-22150 CVE-2025-22150 in @rootio/undici - Patched by Root

Root has patched CVE-2025-22150 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

6.8CVSS7.6AI score0.00736EPSS
Exploits0
OSV
OSV
added yesterday8 views

ROOT-APP-NPM-CVE-2026-12151 CVE-2026-12151 in @rootio/undici - Patched by Root

Root has patched CVE-2026-12151 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00789EPSS
Exploits0
OSV
OSV
added yesterday9 views

ROOT-APP-NPM-CVE-2026-2229 CVE-2026-2229 in @rootio/undici - Patched by Root

Root has patched CVE-2026-2229 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00874EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2 days ago4 views

Security Bulletin: Vulnerability in undici bundled with IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage

Summary IBM Fusion, IBM Fusion HCI, and IBM Fusion Content-Aware Storage include the undici library, which is affected by a denial of service vulnerability. CVE-2026-22036 Vulnerability Details CVEID:CVE-2026-22036 DESCRIPTION: Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0,...

7.5CVSS6.7AI score0.00433EPSS
Exploits0Affected Software2
SUSE CVE
SUSE CVE
added 2026/07/07 3:21 p.m.9 views

SUSE CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/07/07 3:21 p.m.8 views

SUSE CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6AI score0.00476EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2026/07/07 12:3 a.m.9 views

nodejs:24 security, bug fix, and enhancement update

An update is available for nodejs-packaging, module.nodejs-nodemon, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

9.8CVSS7.1AI score0.02806EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS7AI score0.00789EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

undici: Undici: Information disclosure due to improper cache-control header parsing

A flaw was found in Undici. The cache interceptor in shared-cache mode incorrectly classifies certain responses as cacheable due to improper handling of whitespace-padded Cache-Control header field names. This vulnerability allows an unauthenticated attacker to access authenticated user data from...

5.9CVSS7AI score0.00374EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.7 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

undici: undici: Denial of Service due to unbounded memory growth via WebSocket frames

A flaw was found in undici. A malicious WebSocket server can exploit this by streaming numerous small or empty continuation frames. This can bypass per-frame and cumulative-size validation, leading to unbounded memory growth in the client process. The primary consequence is memory exhaustion,...

7.5CVSS7AI score0.00789EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing

A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...

8.8CVSS6.6AI score0.00358EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

undici: undici: Man-in-the-Middle attack via ignored TLS options with SOCKS5 proxy

A flaw was found in undici. When undici's ProxyAgent is configured with a SOCKS5 proxy Uniform Resource Identifier URI, it silently ignores Transport Layer Security TLS options, such as custom Certificate Authorities CAs. This allows a remote attacker to perform a Man-in-the-Middle MITM attack,...

7.4CVSS7AI score0.00476EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.4 views

undici: undici: Weakening of cookie SameSite policy due to incorrect parsing of Set-Cookie header

A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintend...

3.7CVSS7AI score0.00248EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.7 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 9:1 a.m.8 views

ROOT-APP-NPM-CVE-2026-6734 CVE-2026-6734 in @rootio/undici - Patched by Root

Root has patched CVE-2026-6734 in the @rootio/undici package for Root:npm. Multiple fixed versions available...

8.8CVSS6.4AI score0.00358EPSS
Exploits0
Rows per page
Query Builder