nodejs:22 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

RLSA-2026:7123 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

Tenda i3 路径遍历漏洞

The Tenda i3 is a wireless access point device produced by the Chinese company Tenda. The version Tenda i3 1.0.0.62204 contains a path traversal vulnerability. This vulnerability stems from a path traversal issue within the R7WebsSecurityHandler function in the HTTP Handler component, which may...

PT-2026-31668

Name of the Vulnerable Software and Affected Versions Tenda CH22 version 1.0.0.6468 Description A path traversal issue exists in the httpd component, specifically within the R7WebsSecurityHandlerfunction function. This allows for remote manipulation. The exploit is publicly available...

PT-2026-31629

A memory exhaustion vulnerability exists in the HTTP server due to unbounded use of the Content-Length header. The server allocates memory directly based on the attacker supplied header value without enforcing an upper limit. A crafted HTTP request containing an extremely large Content-Length val...

RockyLinux 9 : nodejs:24 (RLSA-2026:7350)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7350 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

Tenda i12 路径遍历漏洞

The Tenda i12 is a ceiling-mounted wireless access point produced by the Chinese company Tenda. The version Tenda i12 1.0.0.113862 contains a path traversal vulnerability. This vulnerability stems from a path traversal issue in the HTTP Handler component, which may lead to path traversal attacks...

RockyLinux 9 : nodejs:22 (RLSA-2026:7302)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:7302 advisory. brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547 minimatch: minimatch: Denial of Service via...

PT-2026-31715

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

PT-2026-31695

Name of the Vulnerable Software and Affected Versions V2Board versions 1.6.1 through 1.7.4 and Xboard versions through 0.1.9 Description V2Board and Xboard are affected by an issue where authentication tokens are exposed in the HTTP response bodies of the loginWithMailLink endpoint when the login...

API Lab MCP 代码问题漏洞

API Lab MCP is an AI-driven API testing laboratory developed by YoungEun Lee. It supports natural language interaction and automatic documentation generation. Versions of API Lab MCP prior to 0.2.1 contained code vulnerabilities. These vulnerabilities were caused by incorrect parameter handling i...

Important: nginx:1.26 security update

nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security Fixes: nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files CVE-2026-32647 NGINX: NGINX: Denial of Service or file...

PT-2026-31566

Name of the Vulnerable Software and Affected Versions atototo api-lab-mcp versions up to 0.2.1 Description A weakness exists in the HTTP Interface component of atototo api-lab-mcp. Manipulation of the source/url argument within the analyze api spec/generate test scenarios/test http endpoint...

RHEL 9 : nodejs:22 (RHSA-2026:7302)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7302 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RHEL 10 : nodejs22 (RHSA-2026:7310)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7310 advisory. Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an...

Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion...

CLSA-2026-1775688811 Fix CVE(s): CVE-2026-32748, CVE-2026-33526

SECURITY UPDATE: denial of service via use-after-free in ICP - debian/patches/CVE-2026-33526.patch: remove duplicate rfc1738escape call in icpGetRequest that invalidated the previously escaped URL pointer - CVE-2026-33526 SECURITY UPDATE: denial of service via use-after-free in ICP request handli...

Memory Allocation with Excessive Size Value

Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the UploadTraces, UploadMetrics, and uploadLogs response-handling paths in exporters/otlp/otlptrace/otlptracehttp/client.go, exporters/otlp/otlpmetric/otlpmetrichttp/client.go, and...

EUVD-2025-209363

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the httplanport parameter in the /webgl.asp endpoint...

EUVD-2025-209345

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /urlrule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log...