CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

241 matches found

CVE•added 2026/03/27 8:1 p.m.•6 views

CVE-2026-33872

CVE-2026-33872 affects elixir-nodejs prior to 3.1.4. A race condition in the worker protocol enables Cross-User Data Leakage due to lack of request–response correlation, potentially returning data intended for a different user in high‑throughput/ concurrent scenarios. The vulnerability can disclo...

7.1CVSS6AI score0.00036EPSS

Exploits0References4

CNNVD•added 2026/03/27 12:0 a.m.•2 views

elixir-nodejs 竞争条件问题漏洞

Elixir-nodejs is an open-source project by Revelry that serves as an Elixir API for calling Node.js functions. Versions of elixir-nodejs prior to 3.1.4 contained a race condition vulnerability. This vulnerability stemmed from race conditions in the working protocol, which led to the loss of...

7.1CVSS5.8AI score0.00036EPSS

Exploits0References5

Github Security Blog•added 2026/03/26 6:23 p.m.•1 views

elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition

Impact This vulnerability results in Cross-User Data Leakage or Information Disclosure due to a race condition in the worker protocol. The lack of request-response correlation creates a "stale response" vulnerability. Because the worker does not verify which request a response belongs to, it may...

7.1CVSS6AI score0.00036EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2026/03/26 12:0 a.m.•1 views

PT-2026-28543

Name of the Vulnerable Software and Affected Versions elixir-nodejs versions prior to 3.1.4 Description elixir-nodejs is an Elixir API for calling Node.js functions. A flaw exists due to a race condition in the worker protocol, leading to Cross-User Data Leakage or Information Disclosure. The...

7.1CVSS5.9AI score0.00036EPSS

Exploits0References8

NVD•added 2026/02/26 8:31 p.m.•5 views

CVE-2026-23939

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in hexpm hexpm/hexpm 'Elixir.Hexpm.Store.Local' module allows Relative Path Traversal. This vulnerability is associated with program files lib/hexpm/store/local.ex and program routines...

7.5CVSS0.00081EPSS

Exploits0References4

EUVD•added 2026/02/26 7:41 p.m.•2 views

EUVD-2026-8886

6.9CVSS5.5AI score0.00081EPSS

Exploits0References2

Positive Technologies•added 2026/02/26 12:0 a.m.•3 views

PT-2026-22180

Name of the Vulnerable Software and Affected Versions hexpm versions prior to 5d2ccd2f14f45a63225a73fb5b1c937baf36fdc0 Description A path traversal issue exists in hexpm’s Local Storage backend, impacting self-hosted deployments. The issue resides within the 'Elixir.Hexpm.Store.Local' module and...

6.9CVSS5.9AI score0.00081EPSS

Exploits0References6

ATTACKERKB•added 2026/01/19 2:22 p.m.•3 views

CVE-2026-21618

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in hexpm hexpm/hexpm 'Elixir.HexpmWeb.SharedAuthorizationView' modules allows Cross-Site Scripting XSS. This vulnerability is associated with program files...

8.5CVSS5.3AI score0.00067EPSS

Exploits0References3Affected Software1

EUVD•added 2026/01/19 2:22 p.m.•2 views

EUVD-2026-3322

8.5CVSS5.4AI score0.00067EPSS

Exploits0References2

Positive Technologies•added 2026/01/19 12:0 a.m.•2 views

PT-2026-3443

8.5CVSS5.4AI score0.00067EPSS

Exploits0References3

RedhatCVE•added 2025/10/20 9:27 p.m.•5 views

CVE-2025-48044

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...

8.6CVSS7AI score0.00035EPSS

Exploits0References1

NVD•added 2025/10/17 2:15 p.m.•2 views

CVE-2025-48044

8.6CVSS0.00035EPSS

Exploits0References4

OSV•added 2025/10/17 2:15 p.m.•3 views

CVE-2025-48044

8.6CVSS7AI score0.00035EPSS

Exploits0References2

EUVD•added 2025/10/13 1:33 p.m.•2 views

EUVD-2025-33747

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies...

8.6CVSS6.4AI score0.00118EPSS

Exploits0References4

Vulnrichment•added 2025/10/10 3:57 p.m.•3 views

CVE-2025-48043 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...

8.6CVSS6.6AI score0.00118EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2020-21937

Malware in sbrugna...

10CVSS9.5AI score0.02074EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2012-0007

Malware in sbrugna...

4.3CVSS6.1AI score0.00464EPSS

Exploits0References9