7 matches found
nodejs:24 security, bug fix, and enhancement update
An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
Important: Red Hat Security Advisory: nodejs:22 security, bug fix, and enhancement update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Important: nodejs:24 security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...
CVE-2026-11525 vulnerabilities
Vulnerabilities for packages: kibana, npm, code-server, actions-runner, haraka, prism, renovate, saf, node-gyp, pelias-api, vitess, py3-captum, gemini-cli...
UBUNTU-CVE-2026-11525
Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...
CVE-2026-11525
creationtimestamp| type| source ---|---|--- 2026-06-17 17:34:09+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3moitvr3dbc2g 2026-06-18 15:59:06+00:00| seen| https://bsky.app/profile/nodeland.dev/post/3mol72ndrtt2r 2026-06-23 12:01:44+00:00| seen|...
CVE-2026-11525
Impact: When undici parses a Set-Cookie header, it accepts any SameSite attribute value that contains Strict, Lax, or None as a substring, rather than the case-insensitive exact match specified by RFC 6265. Non-spec values are silently mapped to one of the three standard tokens. For example,...