CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

EUVD-2026-39607

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

BIT-NODE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVE-2026-48617

CVE-2026-48617 describes a flaw in Node.js permission model enforcement that allows bypass via path misvalidation in process.report.writeReport(), potentially affecting confidentiality and integrity under affected configurations. Affected: all supported Node.js release lines (22, 24, 26). Impact ...

CVE-2025-9661

Summary: CVE-2025-9661: OS command injection in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28. Affected products/versions: Hitachi VSP One Block 23, 24, 26 and 28 (before DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00). Vulnerability: OS command in...