4 matches found
Important: nodejs20
Issue Overview: A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named __proto__ and the application accesses req.headersDistinct. When this occurs, dest["__proto__"] resolves to Object.prototype rather than undefined, causing .push to be called ...
CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
Uncontrolled Recursion
Overview: protobuf is Google’s data interchange format. Affected versions of this package are vulnerable to Uncontrolled Recursion when parsing untrusted Protocol Buffers data containing an excessive number of recursive groups, recursive messages, or a series of SGROUP tags. An attacker can provi...
Arista Networks Extensible Operating System security vulnerability
Arista Networks Extensible Operating System (EOS) is a scalable operating system for next-generation data center and cloud solutions from Arista Networks, Inc. in the United States. A security vulnerability exists in the Arista Networks Extensible Operating System that stems from specially crafted...