Lucene search
+L

252 matches found

RedhatCVE
RedhatCVE
added 3 days ago5 views

CVE-2026-48125

A flaw was found in UAParser.js, a JavaScript library for detecting client information. A remote attacker can exploit this vulnerability by sending a specially crafted Sec-CH-UA-Model header when the application uses the Client Hints API. This can cause excessive CPU usage due to a regular...

5.3CVSS6AI score0.00371EPSS
Exploits0References6
OSV
OSV
added 4 days ago4 views

CVE-2026-48125 UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

UAParser.js is a JavaScript library to detect browsers, operating systems, CPUs, and devices from user-agent data. From 2.0.1 until 2.0.10, a regular expression denial-of-service vulnerability exists when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application th...

5.3CVSS6.1AI score0.00371EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 8:15 p.m.36 views

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.3CVSS5.4AI score0.00371EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49551

Name of the Vulnerable Software and Affected Versions UAParser.js versions 2.0.1 through 2.0.9 Description A regular expression denial-of-service ReDoS exists when using the Client Hints API. An attacker can cause excessive CPU consumption and a denial-of-service condition in server-side...

5.3CVSS6.1AI score0.00371EPSS
Exploits0References6
OSV
OSV
added 2026/05/14 10:15 p.m.6 views

MINI-PQMF-XMM3-8CH9

Bulletin has no description...

6.1CVSS5.7AI score0.00371EPSS
Exploits0
Circl
Circl
added 2026/05/11 3:10 p.m.10 views

CVE-2026-44774

creationtimestamp| type| source ---|---|--- 2026-05-11 15:10:49+00:00| published-proof-of-concept| https://github.com/traefik/traefik/security/advisories/GHSA-96qj-4jj5-wcjc 2026-05-12 23:15:01+00:00| seen| https://bsky.app/profile/dbt3.ch/post/3mlow66ezsf2e...

9.9CVSS5.3AI score0.00468EPSS
Exploits1References2
Circl
Circl
added 2026/04/23 9:26 p.m.3 views

GHSA-48M6-CH88-55MJ

creationtimestamp| type| source ---|---|--- 2026-04-23 21:26:31+00:00| seen| Telegram/BiTM4VWQdbYmMG43-mv447qo5-YjFbOvUme2BKAYDCNPPw...

4.8AI score
Exploits0
NVD
NVD
added 2026/04/23 12:16 a.m.9 views

CVE-2026-6874

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

5.3CVSS0.00257EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 11:30 p.m.4 views

CVE-2026-6874

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

5.3CVSS5.3AI score0.00257EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/20 6:31 p.m.8 views

EUVD-2026-23923

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...

7.5CVSS5.4AI score0.00182EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/20 5:0 p.m.36 views

CVE-2026-6662 ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...

7.5CVSS0.00182EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.21 views

PT-2026-33809

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...

7.5CVSS5.4AI score0.00182EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/27 12:51 a.m.4 views

Malicious Package

Overview shop-republik-ch is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/27 12:51 a.m.8 views

Malicious code in shop-republik-ch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/27 12:51 a.m.4 views

MAL-2026-2248 Malicious code in shop-republik-ch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector da3fe1a756db5b61e6883fb43ab2f27fd56333e302ad597c4bb9f1743b1f19b6 The package shop-republik-ch was found to contain malicious code. Source: ghsa-malware b68c5977e45306e58eda4d2345cb1ac0eba178c179064471f3327a30915e6d...

5.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:18 a.m.25 views

CVE-2025-1386

When using the ch-go library, under a specific condition when the query includes a large, uncompressed malicious external data, it is possible for an attacker in control of such data to smuggle another query packet into the connection stream...

5.9CVSS6.8AI score0.00368EPSS
Exploits0References1
NVD
NVD
added 2025/12/18 7:16 p.m.37 views

CVE-2025-65559

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request type=50, the UPF crashes with a reachable assertion in lib/pfcp/context.c ogspfcpobjectteidhashset if the CreatePDR?PDI?F-TEID has CH=1 and the F-TEID address-family flags IPv4/IPv6 do not...

7.5CVSS0.00373EPSS
Exploits1References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/12 4:47 p.m.4 views

Malicious code in guras-visa-ch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd77492c09f059a2c07e504bb3040c371b402b0d9999096613642f7d7a9f7a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
OSV
OSV
added 2025/11/12 4:47 p.m.3 views

MAL-2025-155471 Malicious code in guras-visa-ch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3fd77492c09f059a2c07e504bb3040c371b402b0d9999096613642f7d7a9f7a4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/15 9:30 a.m.4 views

EUVD-2025-34600

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40evalidatequeuemap Ensure idx is within range of active/initialized TCs when iterating over vf-chidx in i40evalidatequeuemap...

6AI score0.00197EPSS
Exploits0References9
Rows per page
Query Builder