Lucene search
+L

722 matches found

CVE
CVE
added yesterday28 views

CVE-2026-48049

The CVE-2026-48049 issue affects @hapi/inert (versions 4.0.0–7.1.0). A confinement bypass was caused by a flawed raw string-prefix path check, allowing an unauthenticated remote attacker to read files via traversal (e.g., /..%2fstatic-secret/secret.txt). The vulnerability is mitigated by upgradin...

5.3CVSS5.4AI score0.00062EPSS
Exploits0References4
CVE
CVE
added yesterday48 views

CVE-2026-48022

The CVE concerns @hapi/wreck, an HTTP client utility. Before version 18.1.2, it forwarded credential headers (Authorization, Cookie, Proxy-Authorization) across cross-origin redirects because the origin check only compared hostnames and ignored scheme and port. This allowed credentials to flow ac...

6.5CVSS5.3AI score0.0001EPSS
Exploits0References4
CVE
CVE
added yesterday35 views

CVE-2026-44979

CVE-2026-44979 affects the @hapi/wreck HTTP client. Before 18.1.1, when following a 3xx redirect to a different hostname, the Proxy-Authorization header was not stripped (unlike Authorization and Cookie), potentially exposing forward-proxy credentials to the redirect target. The issue is fixed in...

6.3CVSS5.2AI score0.00054EPSS
Exploits0References4
CVE
CVE
added yesterday11 views

CVE-2026-49485

Summary: CVE-2026-49485 affects HAPI FHIR’s FHIRPathEngine (matches(), matchesFull(), replaceMatches()) where user-controlled regex patterns are compiled via Java’s regex engine, enabling ReDoS and CPU exhaustion. The issue exists in implementations prior to version 6.9.9 and 6.9.4.2. An attacker...

7.5CVSS5.5AI score
Exploits0References6
Cvelist
Cvelist
added yesterday22 views

CVE-2026-44974 Parameter smuggling in @hapi/content header parser allows upload-filter bypass via duplicate parameters

@hapi/content provided HTTP Content- headers parsing. Prior to 6.0.2, Content.disposition retained the last occurrence of each duplicate parameter while Content.type retained the first occurrence of duplicate charset and boundary parameters, creating a parameter-smuggling primitive when another...

7.7CVSS0.00052EPSS
Exploits0References2
CVE
CVE
added yesterday39 views

CVE-2026-44974

CVE-2026-44974 affects the @hapi/content header parser. Before v6.0.2, Content.disposition() kept the last value for duplicate parameters while Content.type() kept the first for duplicate charset/boundary parameters, creating a parameter-smuggling primitive when duplicates are resolved inconsiste...

7.7CVSS5.2AI score0.00052EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-45367

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.7, the FHIRPathEngine implementation passes user-controlled regular expressions from matches, matchesFull, and replaceMatches to Java regex operations without effective timeouts,...

7.5CVSS0.00489EPSS
Exploits0References6
CVE
CVE
added 2 days ago28 views

CVE-2026-45367

CVE-2026-45367 affects HAPI FHIR DSTU2 module (org.hl7.fhir.dstu2) where FHIRPathEngine.matches() still calls String.matches() without a timeout, enabling potential ReDoS via user-supplied FHIRPath expressions. Other modules (DSTU2016MAY, DSTU3, R4, R4B, R5) have RegexTimeout protection and are f...

7.5CVSS6.1AI score0.00489EPSS
Exploits0References6
OSV
OSV
added 2 days ago3 views

CVE-2026-45367 HAPI FHIR: ReDoS via FHIRPath matches()/replaceMatches() in FHIR Validator HTTP Endpoint

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.7, the FHIRPathEngine implementation passes user-controlled regular expressions from matches, matchesFull, and replaceMatches to Java regex operations without effective timeouts,...

7.5CVSS6.1AI score0.00489EPSS
Exploits0References8
OSV
OSV
added 2 days ago19 views

ROOT-APP-MAVEN-CVE-2026-33180 CVE-2026-33180 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root

Root has patched CVE-2026-33180 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...

8.2CVSS5.8AI score0.00264EPSS
Exploits0
OSV
OSV
added 2 days ago9 views

ROOT-APP-MAVEN-CVE-2026-55470 CVE-2026-55470 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 - Patched by Root

Root has patched CVE-2026-55470 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00374EPSS
Exploits1
OSV
OSV
added 2 days ago16 views

ROOT-APP-MAVEN-CVE-2026-34361 CVE-2026-34361 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.validation - Patched by Root

Root has patched CVE-2026-34361 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.validation package for Root:Maven. Multiple fixed versions available...

9.3CVSS5.8AI score0.00299EPSS
Exploits1
OSV
OSV
added 2 days ago14 views

ROOT-APP-MAVEN-CVE-2026-34359 CVE-2026-34359 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities - Patched by Root

Root has patched CVE-2026-34359 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.utilities package for Root:Maven. Multiple fixed versions available...

9.1CVSS5.8AI score0.00158EPSS
Exploits1
OSV
OSV
added 2 days ago17 views

ROOT-APP-MAVEN-CVE-2026-45367 CVE-2026-45367 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 - Patched by Root

Root has patched CVE-2026-45367 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.dstu2 package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00489EPSS
Exploits0
OSV
OSV
added 2 days ago14 views

ROOT-APP-MAVEN-CVE-2026-34360 CVE-2026-34360 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core - Patched by Root

Root has patched CVE-2026-34360 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.core package for Root:Maven. Multiple fixed versions available...

5.8CVSS5.4AI score0.00235EPSS
Exploits1
OSV
OSV
added 2 days ago5 views

ROOT-APP-MAVEN-CVE-2026-49485 CVE-2026-49485 in io.root.ca.uhn.hapi.fhir:org.hl7.fhir.validation - Patched by Root

Root has patched CVE-2026-49485 in the io.root.ca.uhn.hapi.fhir:org.hl7.fhir.validation package for Root:Maven. Multiple fixed versions available...

7.5CVSS6.1AI score
Exploits0
OSV
OSV
added 5 days ago6 views

ROOT-APP-NPM-CVE-2026-48049 CVE-2026-48049 in @rootio/hapi__inert - Patched by Root

Root has patched CVE-2026-48049 in the @rootio/hapiinert package for Root:npm. Multiple fixed versions available...

5.3CVSS6.1AI score0.00062EPSS
Exploits0
OSV
OSV
added 2026/07/10 9:17 a.m.3 views

ROOT-APP-NPM-CVE-2026-48022 CVE-2026-48022 in @rootio/hapi__wreck - Patched by Root

Root has patched CVE-2026-48022 in the @rootio/hapiwreck package for Root:npm. Multiple fixed versions available...

6.5CVSS6.1AI score0.0001EPSS
Exploits0
OSV
OSV
added 2026/07/10 9:17 a.m.7 views

ROOT-APP-NPM-CVE-2026-44979 CVE-2026-44979 in @rootio/hapi__wreck - Patched by Root

Root has patched CVE-2026-44979 in the @rootio/hapiwreck package for Root:npm. Multiple fixed versions available...

6.3CVSS5.8AI score0.00054EPSS
Exploits0
NVD
NVD
added 2026/07/08 10:17 p.m.7 views

CVE-2026-55471

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, org.hl7.fhir.utilities.XsltUtilities saxonTransform... overloads instantiated a bare net.sf.saxon.TransformerFactoryImpl without ACCESSEXTERNALDTD or ACCESSEXTERNALSTYLESHEET...

9.1CVSS0.00315EPSS
Exploits1References3
Rows per page
Query Builder