Lucene search
+L

11 matches found

OSV
OSV
added 2026/07/08 12:6 p.m.6 views

RLSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

8.1CVSS6.6AI score0.02806EPSS
Exploits1References14
OSV
OSV
added 2026/06/25 1:34 p.m.3 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.02806EPSS
Exploits3References43
OSV
OSV
added 2026/02/03 7:16 p.m.3 views

CVE-2025-52628

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

8.8CVSS5.6AI score0.0019EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/03 6:6 p.m.12 views

EUVD-2025-206688

HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0...

4.6CVSS5.1AI score0.0019EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a cross-site request forgery vulnerability that stems from a missing or insecure SameSite attribute of a cookie, and no detailed vulnerability details are provided at this time...

8.8CVSS5.7AI score0.0019EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:42 p.m.2 views

Exposed Dangerous Method or Function

Overview typo3/cms-lowlevel is an Enables the 'Config' and 'DB Check' modules for technical analysis of the system. This includes raw database search, checking relations, counting pages and records etc. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via t...

6.5CVSS6.9AI score0.00222EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:42 p.m.2 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the backend user interface functionality involving deep links. An attacker can manipulate the state-changing actions and trigger unauthorized commands by deceiving a victim into interacting with a...

8.5CVSS7.1AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:40 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the backend user interface functionality involving deep links. An attacker can manipulate the session and perform unauthorized actions. Note: This is only exploitable if the...

8.8CVSS7AI score0.00358EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.10 views

PT-2025-3145 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

4.3CVSS7AI score0.00239EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.8 views

PT-2025-3149 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

7.5CVSS7.5AI score0.00358EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2025/01/14 12:0 a.m.5 views

PT-2025-3150 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions prior to 11.5.42 ELTS TYPO3 versions prior to 12.4.25 LTS TYPO3 versions prior to 13.4.3 LTS Description: A vulnerability has been identified in the backend user interface functionality involving deep links, which is susceptibl...

5.4CVSS6.8AI score0.00186EPSS
Exploits0References9
Rows per page
Query Builder