23 matches found
BIT-NODE-MIN-2026-48933
A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
BIT-NODE-MIN-2026-48928
A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
ALPINE-CVE-2026-48618
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
EUVD-2026-39610
A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...
CVE-2026-48934
CVE-2026-48934 affects Node.js releases 22, 24, and 26. The described flaw enables TLS host identity verification bypass when a session is reused with a different servername, leading to possible unauthorized connections . Advisories (SUSE/OpenSUSE) indicate a patch in the nodejs26-26.3.1-1.1 pack...
CVE-2026-48934
A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...
CVE-2026-47959 Acrobat Reader | Stack-based Buffer Overflow (CWE-121)
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
CVE-2026-34640
Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
GHSA-WX45-VX6H-76CQ vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-17-openj9...
GHSA-G75F-42VW-M3XV vulnerabilities
Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-17-openj9...
Oracle REST Data Services 安全漏洞
Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...
CVE-2026-34642 After Effects | Heap-based Buffer Overflow (CWE-122)
After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34640
Media Encoder CVE-2026-34640 affects versions 26.0.2, 25.6.4 and earlier with an Integer Overflow or Wraparound (CWE-190). The issue could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). These details confirm the...
CVE-2026-35448
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...
CVE-2026-34737
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, includin...
PT-2026-28541
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext, without hashing, salting, or encryption. An attacker gaining re...
EUVD-2024-24902
Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...
CVE-2025-43447
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory...
CVE-2025-43383
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A cache mishandling vulnerability exists in Apple iOS and iPadOS, which can be exploited by attackers to cause malicious applications to track users...