Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-9678

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: Undici's cache interceptor incorrectly classifies some responses as cacheable when the upstream Cache-Control header uses whitespace-padded qualified...

5.9CVSS7.1AI score0.00374EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the...

8.8CVSS6.7AI score0.00323EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 2:28 p.m.11 views

EUVD-2026-37766

undici vulnerable to cross-user information disclosure via shared cache whitespace bypass...

5.9CVSS7AI score0.00374EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/17 6:21 p.m.8 views

Origin Validation Error

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Origin Validation Error in the Socks5ProxyAgent. An attacker can intercept or redirect sensitive data, including credentials and request payloads, to unintended origins b...

8.8CVSS6.4AI score0.00323EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:18 p.m.4 views

DEBIAN-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 6:18 p.m.12 views

CVE-2026-6734

Impact: When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This caus...

8.8CVSS0.00323EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/17 4:20 p.m.23 views

CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...

7.5CVSS0.00426EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 8:7 p.m.3 views

EUVD-2026-11703

Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References4
NVD
NVD
added 2026/03/12 9:16 p.m.4 views

CVE-2026-1528

ImpactA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24.0...

7.5CVSS0.00488EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.4 views

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2026:0457-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0457-1 advisory. - Update to 20.20.0: - CVE-2026-22036: Updated undici to 6.23.0 bsc1256848 - CVE-2025-59465: Add TLSSocket default error handler...

9.1CVSS7AI score0.03782EPSS
Exploits2References22
OSV
OSV
added 2026/02/11 9:25 a.m.1 views

SUSE-SU-2026:0435-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: - Update to 20.20.0: - CVE-2026-22036: Updated undici to 6.23.0 bsc1256848 - CVE-2025-59465: Add TLSSocket default error handler bsc1256573 - CVE-2025-55132: Disable futimes when permission model is enabled bsc1256571 - CVE-2025-55130: Require...

9.1CVSS7.3AI score0.03782EPSS
Exploits2References15
Rows per page
Query Builder