
30 matches found

OSV
added 6 days ago | 3 views

ALPINE-CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

CVSS 6.5 | AI score 7.1 | EPSS 0.00674
Exploits 0 | References 1
EUVD
added 6 days ago | 8 views

EUVD-2026-39610

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

CVSS 7.7 | AI score 7.1 | EPSS 0.00674
Exploits 0 | References 1
CVE
added 6 days ago | 19 views

CVE-2026-48934

CVE-2026-48934 affects Node.js releases 22, 24, and 26. The described flaw enables TLS host identity verification bypass when a session is reused with a different servername, leading to possible unauthorized connections. Advisories (SUSE/OpenSUSE) indicate a patch in the nodejs26-26.3.1-1.1 pack...

CVSS 4.3 | AI score 6.6 | EPSS 0.00258
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 6 days ago | 38 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 4.3 | EPSS 0.00258
Exploits 0 | References 1
OSV
added 2026/06/18 7:16 p.m. | 3 views

ALPINE-CVE-2026-48937

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

CVSS 5.3 | AI score 6.1 | EPSS 0.00445
Exploits 0 | References 1
EUVD
added 2026/06/18 6:1 p.m. | 9 views

EUVD-2026-37928

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

CVSS 5.3 | AI score 5.4 | EPSS 0.00445
Exploits 0 | References 2
NVD
added 2026/06/17 10:54 a.m. | 6 views

CVE-2026-46855

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Metadata Plugin. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...

CVSS 9.9 | EPSS 0.00441
Exploits 0 | References 1
Cvelist
added 2026/06/09 8:1 p.m. | 36 views

CVE-2026-47959 Acrobat Reader | Stack-based Buffer Overflow (CWE-121)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

CVSS 7.8 | EPSS 0.00174
Exploits 0 | References 1
CNNVD
added 2026/05/28 12:0 a.m. | 8 views

Oracle REST Data Services security vulnerability

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

CVSS 5.3 | AI score 5.8 | EPSS 0.00258
Exploits 0 | References 1
Microsoft KB
added 2026/05/26 12:0 a.m. | 22 views

May 26, 2026—KB5089573 (OS Builds 26200.8524 and 26100.8524) Preview

May 26, 2026—KB5089573 OS Builds 26200.8524 and 26100.8524 Preview. This cumulative update for Windows 11, version 25H2 and 24H2 KB5089573, includes production-quality improvements. Visit the Windows release health dashboard for the latest status on this release. Announcements and messages Thi...

AI score 5.5
Exploits 0
Microsoft KB
added 2026/04/14 2:0 p.m. | 35 views

April 14, 2026—KB5083769 (OS Builds 26200.8246 and 26100.8246)

April 14, 2026—KB5083769 OS Builds 26200.8246 and 26100.8246 This cumulative update for Windows 11, version 25H2 and 24H2 KB5083769, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences...

CVSS 9.8 | AI score 6.9 | EPSS 0.5585
Exploits 7
ATTACKERKB
added 2026/03/30 7:7 p.m. | 1 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

CVSS 7.5 | AI score 7.1 | EPSS 0.26356
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/03/19 10:46 p.m. | 18 views

CVE-2026-32721 LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal

LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passe...

CVSS 8.6 | EPSS 0.00239
Exploits 0 | References 3
RedhatCVE
added 2026/01/31 9:13 p.m. | 6 views

CVE-2024-9432

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X...

CVSS 6.9 | AI score 5.9 | EPSS 0.00091
Exploits 0 | References 1
Vulnrichment
added 2026/01/30 6:31 p.m. | 6 views

CVE-2024-9432 Cleartext Storage of Sensitive Information vulnerability has been discovered in OpenText™ Vertica.

Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey. This issue affects Vertica versions: 23.X, 24.X, 25.X...

CVSS 6.9 | AI score 5.9 | EPSS 0.00091
Exploits 0 | References 1
OSV
added 2026/01/26 2:47 p.m. | 6 views

BIT-NODE-MIN-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

CVSS 9.1 | AI score 6 | EPSS 0.01633
Exploits 2 | References 2
Cvelist
added 2025/09/09 8:49 p.m. | 9 views

CVE-2025-54241 After Effects | Out-of-bounds Read (CWE-125)

After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 5.5 | EPSS 0.00203
Exploits 0 | References 1
NVD
added 2025/08/12 9:15 p.m. | 5 views

CVE-2025-54221

InCopy versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | EPSS 0.00234
Exploits 0 | References 1
OSV
added 2025/08/12 9:15 p.m. | 2 views

CVE-2025-54220

InCopy versions 20.4, 19.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.3
Exploits 0 | References 1
OSV
added 2025/08/12 9:15 p.m. | 2 views

CVE-2025-54208

InDesign Desktop versions 20.4, 19.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 6.3 | EPSS 0.00211
Exploits 0 | References 1