Lucene search
K

945 matches found

OSV
OSV
added 2026/04/15 2:46 p.m.6 views

SUSE-SU-2026:1371-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS6.4AI score0.26356EPSS
Exploits0References15
SUSE Linux
SUSE Linux
added 2026/04/15 2:16 p.m.14 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS5.8AI score0.26356EPSS
Exploits0References28
RedhatCVE
RedhatCVE
added 2026/04/14 6:12 p.m.3 views

CVE-2026-40164

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.7AI score0.00366EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/13 11:40 p.m.34 views

CVE-2026-40164 jq: Algorithmic complexity DoS via hardcoded MurmurHash3 seed

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS0.00366EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 11:40 p.m.4 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/13 11:40 p.m.9 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS5.3AI score0.00366EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/13 11:40 p.m.11 views

CVE-2026-40164

jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations, which allowed an attacker to precompute key collisions offline. By supplying a crafted JSO...

7.5CVSS5.8AI score0.00366EPSS
Exploits0
SUSE Linux
SUSE Linux
added 2026/04/13 3:54 p.m.6 views

Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to 24.14.1 CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. CVE-2026-21710: uncaught TypeError exception can cause a denial ...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References36
OSV
OSV
added 2026/04/13 10:59 a.m.4 views

SUSE-SU-2026:21181-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

7.5CVSS5.8AI score0.26356EPSS
Exploits0References19
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.10 views

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

5.9CVSS6.6AI score0.00283EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.5 views

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

5.9CVSS6.6AI score0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.7 views

PT-2026-32565

Name of the Vulnerable Software and Affected Versions jq versions prior to commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784 Description The software used MurmurHash3 with a hardcoded, publicly visible seed 0x432A9843 for all JSON object hash table operations. This allows an attacker to precompute...

8.2CVSS5.1AI score0.00559EPSS
Exploits5References112
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.6 views

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

5.9CVSS6.6AI score0.00283EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.8 views

PT-2026-31760

OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms to bypass allowlist policies and gain unauthorized access to protected Nextcloud Talk rooms...

4.2CVSS5.9AI score0.00241EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/07 6:15 p.m.4 views

Expected Behavior Violation

Overview @openclaw/zalo is an OpenClaw Zalo channel plugin Affected versions of this package are vulnerable to Expected Behavior Violation due to insufficient scoping of replay deduplication keys in webhook event processing. An attacker can cause legitimate messages from different conversations o...

6.3CVSS5.8AI score0.00278EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.4 views

CVE-2026-35039

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

9.1CVSS5.9AI score0.00212EPSS
Exploits0References1
NVD
NVD
added 2026/04/06 5:17 p.m.4 views

CVE-2026-35039

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

9.1CVSS0.00212EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/06 4:59 p.m.2 views

CVE-2026-35039

fast-jwt provides fast JSON Web Token JWT implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification proce...

9.1CVSS5.9AI score0.00212EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/06 7:58 a.m.10 views

BIT-NODE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

5.9CVSS6.5AI score0.00283EPSS
Exploits0References2
OSV
OSV
added 2026/04/03 4:7 a.m.8 views

GHSA-RP9M-7R4C-75QG fast-jwt: Cache Confusion via cacheKeyBuilder Collisions Can Return Claims From a Different Token (Identity/Authorization Mixup)

NOTE: While the library exposes a mechanism which could introduce the vulnerability, this issue is created by developer-supplied code and not by the library itself. We will add a warning and some education for users around the possible issues however since the defaults work we will not be updatin...

9.1CVSS5.8AI score0.00212EPSS
Exploits0References4
Rows per page
Query Builder