73989 matches found

NVD
added 2026/03/30 8:16 p.m. | 3 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

CVSS 7.5 | EPSS 0.26356
Exploits 0 | References 16
OSV
added 2026/03/30 8:16 p.m. | 4 views

UBUNTU-CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

CVSS 7.5 | AI score 7.3 | EPSS 0.26356
Exploits 0 | References 3
CVE
added 2026/03/30 7:7 p.m. | 30 views

CVE-2026-21710

Summary: CVE-2026-21710 is a denial-of-service-type issue in Node.js HTTP request handling triggered by a header named __proto__ accessed via req.headersDistinct, which can cause an uncaught TypeError and crash the process when dest["__proto__"] resolves to Object.prototype and .push() is called on ...

CVSS 7.5 | AI score 6.7 | EPSS 0.26356
Exploits 0 | References 16
ATTACKERKB
added 2026/03/30 7:7 p.m. | 1 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

CVSS 7.5 | AI score 7.1 | EPSS 0.26356
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/03/30 7:7 p.m. | 2 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

CVSS 7.5 | AI score 7 | EPSS 0.26356
Exploits 0 | References 1
AlpineLinux
added 2026/03/30 7:7 p.m. | 1 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

CVSS 7.5 | AI score 7 | EPSS 0.26356
Exploits 0
Snyk
added 2026/03/30 5:29 p.m. | 1 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the CapSoftwareVersion.DecodeFromBytes function. An attacker can cause a denial of service by remotely manipulating the data argument to trigger an off-by-one error. Remediation: Upgrade...

CVSS 6.3 | AI score 5.9 | EPSS 0.00409
Exploits 0 | References 2
Snyk
added 2026/03/30 5:29 p.m. | 2 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the CapSoftwareVersion.DecodeFromBytes function. An attacker can cause a denial of service by remotely manipulating the data argument to trigger an off-by-one error. Remediation: Upgrade...

CVSS 6.3 | AI score 5.9 | EPSS 0.00409
Exploits 0 | References 2
OSV
added 2026/03/30 5:21 p.m. | 5 views

GHSA-3WW8-JW56-9F5H FHIR Validator: Unauthenticated Blind SSRF via /loadIG Endpoint Enables Internal Network Probing

Summary: The /loadIG HTTP endpoint in the FHIR Validator HTTP service accepts a user-supplied URL via JSON body and makes server-side HTTP requests to it without any hostname, scheme, or domain validation. An unauthenticated attacker with network access to the validator can probe internal network...

CVSS 5.8 | AI score 6 | EPSS 0.00235
Exploits 1 | References 3
Snyk
added 2026/03/30 5:19 p.m. | 6 views

Origin Validation Error

Overview: Affected versions of this package are vulnerable to Origin Validation Error in the ManagedWebAccessUtils.getServer function. An attacker can obtain authentication credentials by leveraging improper URL prefix matching during HTTP redirects, causing sensitive headers such as Bearer tokens...

CVSS 9.1 | AI score 5.9 | EPSS 0.00158
Exploits 1 | References 2
Snyk
added 2026/03/30 5:5 p.m. | 3 views

Improper Validation of Array Index

Overview: Affected versions of this package are vulnerable to Improper Validation of Array Index through improper validation in the index decoding for version 4 files. An attacker with write access to the .git directory to modify or inject the index file can cause a panic and terminate the process...

CVSS 6.9 | AI score 5.9 | EPSS 0.00153
Exploits 0 | References 2
RedHat Linux
added 2026/03/30 3:45 p.m. | 12 views

kernel: macvlan: fix error recovery in macvlan_common_newlink()

A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table (e.g., due to an invalid interface name), the hash entry still references the freed netdevice structure. Subsequent packets...

CVSS 7.8 | AI score 5.7 | EPSS 0.00119
Exploits 0 | References 5
RedHat Linux
added 2026/03/30 3:45 p.m. | 5 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drm_sched_job_add_dependency() consumes a fence reference and then later erroneously attempts to free it again (double free). This may lead to memory corruption and, in some configurations...

AI score 5.8 | EPSS 0.00183
Exploits 0 | References 5
OSV
added 2026/03/30 3:1 p.m. | 4 views

SUSE-SU-2026:20985-1 Security update for expat

This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-3277...

CVSS 5.5 | AI score 5.8 | EPSS 0.00216
Exploits 1 | References 7
OSV
added 2026/03/30 3:1 p.m. | 8 views

SUSE-SU-2026:20963-1 Security update for expat

This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-3277...

CVSS 5.5 | AI score 5.8 | EPSS 0.00216
Exploits 1 | References 7
OSV
added 2026/03/30 2:59 p.m. | 1 views

OPENSUSE-SU-2026:20448-1 Security update for expat

This update for expat fixes the following issues:
- CVE-2026-32776: NULL pointer dereference when processing empty external parameter entities inside an entity declaration value (bsc#1259726).
- CVE-2026-32777: denial of service due to infinite loop in DTD content parsing (bsc#1259711).
- CVE-2026-3277...

CVSS 5.5 | AI score 5.9 | EPSS 0.00216
Exploits 1 | References 6
RedHat Linux
added 2026/03/30 11:32 a.m. | 11 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 8.8 | AI score 6.5 | EPSS 0.0024
Exploits 0 | References 9
RedHat Linux
added 2026/03/30 11:32 a.m. | 2 views

kernel: macvlan: fix error recovery in macvlan_common_newlink()

A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table (e.g., due to an invalid interface name), the hash entry still references the freed netdevice structure. Subsequent packets...

CVSS 7.8 | AI score 5.7 | EPSS 0.00119
Exploits 0 | References 5
RedHat Linux
added 2026/03/30 11:32 a.m. | 4 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drm_sched_job_add_dependency() consumes a fence reference and then later erroneously attempts to free it again (double free). This may lead to memory corruption and, in some configurations...

AI score 5.8 | EPSS 0.00183
Exploits 0 | References 5
RedHat Linux
added 2026/03/30 11:5 a.m. | 5 views

kernel: macvlan: fix error recovery in macvlan_common_newlink()

A use-after-free vulnerability was found in the macvlan driver. When creating a macvlan interface in source mode fails after the source MAC has been added to the hash table (e.g., due to an invalid interface name), the hash entry still references the freed netdevice structure. Subsequent packets...

CVSS 7.8 | AI score 5.9 | EPSS 0.00119
Exploits 0 | References 5