Lucene search
K

5407 matches found

cvelist
cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.6CVSS0.00405EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39614

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/06/26 1:14 a.m.8 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.6AI score0.00405EPSS
Exploits0
debiancve
debiancve
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.5AI score0.00405EPSS
Exploits0
cve
cve
added 2026/06/26 1:14 a.m.103 views

CVE-2026-48930

CVE-2026-48930 affects Node.js 22.x, 24.x, and 26.x due to a flaw in TLS hostname handling where embedded-nul hostnames cause silent authority rebinding from c-string truncation in resolver bindings. Affected components are within Node.js TLS hostname resolution/verification paths. The vulnerabil...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/26 1:14 a.m.43 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.2CVSS0.00256EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 1:14 a.m.41 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS0.00674EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39610

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References1
euvd
euvd
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39613

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.2AI score0.00256EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/26 1:14 a.m.12 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS6.7AI score0.00674EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.2CVSS6.2AI score0.00256EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/26 1:14 a.m.22 views

CVE-2026-48928

CVE-2026-48928 affects Node.js releases 22/24/26. The issue is uppercase SNI context matching causing MTLS authorization bypass due to case-sensitive hostname matching in multi-context mTLS. SUSE indicates this CVE is fixed in nodejs24 update to 24.17.0; remediation is to upgrade to that version ...

5.4CVSS6.6AI score0.00256EPSS
Exploits0References1Affected Software1
debiancve
debiancve
added 2026/06/26 1:14 a.m.5 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.2AI score0.00256EPSS
Exploits0
debiancve
debiancve
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS6.7AI score0.00674EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS6.7AI score0.00674EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/06/26 1:14 a.m.6 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.6AI score0.00256EPSS
Exploits0
cve
cve
added 2026/06/26 1:14 a.m.203 views

CVE-2026-48618

CVE-2026-48618 is a Node.js TLS hostname handling issue involving unicode dot separator handling that can bypass wildcard-depth authentication due to resolver/verifier hostname normalization mismatches. Connected updates confirm the vulnerability affects Node.js 22, 24, and 26 across releases. SU...

7.7CVSS6.7AI score0.00674EPSS
Exploits0References1Affected Software1
ossf
ossf
added 2026/06/25 10:30 p.m.9 views

Malicious code in gx-npm-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e919710d2f28ec776b8165821ebe2fbe480c1e432ec9416c7b73bd1315ee6a6e Package published at version 99.99.99 under a generic name gx-npm-lib — the canonical dependency-confusion shape used to overshadow internal packages...

5.8AI score
Exploits0References2
osv
osv
added 2026/06/25 5:41 p.m.3 views

JLSEC-2026-628 Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's...

Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing...

6.3CVSS5.8AI score0.00282EPSS
Exploits0References5
redhat
redhat
added 2026/06/25 5:32 p.m.3 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS7.1AI score0.00939EPSS
Exploits0References8
Rows per page
Query Builder