Lucene search
K

23 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.7 views

BIT-NODE-MIN-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References14
OSV
OSV
added 2026/06/29 5:48 a.m.4 views

BIT-NODE-MIN-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.7AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 2:16 a.m.3 views

ALPINE-CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

6.5CVSS7.1AI score0.00674EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39610

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 1:14 a.m.21 views

CVE-2026-48934

CVE-2026-48934 affects Node.js releases 22, 24, and 26. The described flaw enables TLS host identity verification bypass when a session is reused with a different servername, leading to possible unauthorized connections . Advisories (SUSE/OpenSUSE) indicate a patch in the nodejs26-26.3.1-1.1 pack...

4.3CVSS6.6AI score0.00258EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48934

A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.3CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 8:1 p.m.42 views

CVE-2026-47959 Acrobat Reader | Stack-based Buffer Overflow (CWE-121)

Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...

7.8CVSS0.00174EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-34640

Media Encoder versions 26.0.2, 25.6.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS6.2AI score0.0017EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.8 views

GHSA-WX45-VX6H-76CQ vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-17-openj9...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/05 7:18 p.m.13 views

GHSA-G75F-42VW-M3XV vulnerabilities

Vulnerabilities for packages: openjdk-25-openj9, openjdk-21-openj9, openjdk-11-openj9, openjdk-26-openj9, openjdk-8-openj9, openjdk-17-openj9...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

5.3CVSS5.8AI score0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 5:19 p.m.43 views

CVE-2026-34642 After Effects | Heap-based Buffer Overflow (CWE-122)

After Effects versions 26.0, 25.6.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS0.00187EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 5:16 p.m.26 views

CVE-2026-34640

Media Encoder CVE-2026-34640 affects versions 26.0.2, 25.6.4 and earlier with an Integer Overflow or Wraparound (CWE-190). The issue could allow arbitrary code execution in the context of the current user and requires user interaction (victim must open a malicious file). These details confirm the...

7.8CVSS6.3AI score0.0017EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35448

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the BlockonomicsYPT plugin's check.php endpoint returns payment order data for any Bitcoin address without requiring authentication. The endpoint was designed as an AJAX polling helper for the authenticated invoice.php page...

3.7CVSS5.9AI score0.00318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.5 views

CVE-2026-34737

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, includin...

6.5CVSS6AI score0.00281EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.11 views

PT-2026-28541

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo allows content owners to password-protect individual videos. The video password is stored in the database in plaintext, without hashing, salting, or encryption. An attacker gaining re...

9.1CVSS5.9AI score0.00152EPSS
Exploits1References7
EUVD
EUVD
added 2025/12/22 9:30 p.m.4 views

EUVD-2024-24902

Iframe injection vulnerability in airc.pt/solucoes-servicos.solucoes MyNET v.26.06 and before allows a remote attacker to execute arbitrary code via the src parameter...

9.6CVSS7.7AI score0.00514EPSS
Exploits1References3
NVD
NVD
added 2025/11/04 2:15 a.m.4 views

CVE-2025-43447

The issue was addressed with improved memory handling. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory...

5.5CVSS0.00175EPSS
Exploits0References4
OSV
OSV
added 2025/11/04 2:15 a.m.3 views

CVE-2025-43383

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, iOS 18.7.2 and iPadOS 18.7.2, macOS Sequoia 15.7.2, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app...

4.3CVSS5.8AI score0.00915EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.5 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. A cache mishandling vulnerability exists in Apple iOS and iPadOS, which can be exploited by attackers to cause malicious applications to track users...

7.5CVSS6.2AI score0.00411EPSS
Exploits0References1
Rows per page
Query Builder