Lucene search
K

93 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 5:3 p.m.4 views

Security Bulletin: Vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring Security, Apache Tomcat, Netty, Lodash, Spring Framework and Node.js. Vulnerabilities include the authentication, authorization, and other security controls being rendered inactive on intended requests,...

8.2CVSS7.3AI score0.01594EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/06/26 8:51 a.m.5 views

BIT-NODE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS5.8AI score0.00371EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/06/18 4:21 p.m.43 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS0.00208EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/16 7:46 p.m.10 views

Malicious code in motion-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0dec07d83d6427eb2c76e0ab74e5f31f424e769c187e6d48df0de3575df2e176 [email protected] masquerades as a pino-style logger exports module.exports.pino, ships proto.js/multistream.js/transport.js/redaction.js/levels.js,...

6.5AI score
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/11 8:54 p.m.8 views

USN-8425-1: njs vulnerability

It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service...

9.8CVSS6.3AI score0.00889EPSS
Exploits0
OSV
OSV
added 2026/05/27 8:16 p.m.9 views

UBUNTU-CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS5.3AI score0.0062EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/08 3:14 a.m.91 views

CVE-2026-41646 Nuclei: Local File Read via require() Module Loader Bypass

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file acce...

5.5CVSS0.00114EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/29 9:0 p.m.11 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publish tampered versions of the deep learning framework. Malicious Behavior The execution chain ru...

9.8CVSS6AI score0.00392EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 7:58 p.m.69 views

GHSA-29RG-WMCW-HPF4 Nuclei: Local File Read via require() Module Loader Bypass

A vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to read local .js and .json files through the require function, bypassing the default local file access restriction. Affected Component The issue is in the JavaScript runtime's module loading system. The goja...

5.5CVSS6AI score0.00114EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.8 views

Oracle Linux 10 : nodejs24 (ELSA-2026-7675)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-7675 advisory. 1:24.14.1-2.0.2 - Rebuild to correct NVR 1:24.14.1-2.0.1 - Update upstream references Tenable has extracted the preceding description block directly...

9.8CVSS7.1AI score0.26356EPSS
Exploits1References19
RedHat Linux
RedHat Linux
added 2026/04/09 1:4 p.m.13 views

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

7.5CVSS7.2AI score0.26356EPSS
Exploits0References5
OSV
OSV
added 2026/03/30 4:16 p.m.6 views

ALPINE-CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS6.2AI score0.00325EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 3:13 p.m.2 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name IDN containing invalid characters, crashing the Node.js process...

5.7CVSS6.2AI score0.00325EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/11 7:8 a.m.6 views

CVE-2026-30925

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...

8.2CVSS5.8AI score0.00446EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/06 5:48 p.m.2 views

CVE-2026-29091

Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution RCE flaw was discovered in the locutus project, specifically within the calluserfuncarray function implementation. The vulnerability allows an attacker to...

8.1CVSS6.3AI score0.00786EPSS
Exploits1References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/03/02 9:15 a.m.3 views

firefox: thunderbird: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component...

7.5CVSS5.7AI score0.00285EPSS
Exploits0References6
OSV
OSV
added 2026/02/18 9:5 a.m.7 views

RLSA-2026:2782 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

7.5CVSS5.6AI score0.03782EPSS
Exploits2References7
Fedora
Fedora
added 2026/01/31 5:32 p.m.8 views

[SECURITY] Fedora 43 Update: nodejs22-22.22.0-2.fc43

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

9.1CVSS7AI score0.03782EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/01/22 6:14 a.m.8 views

CVE-2026-23956

A flaw was found in seroval, a JavaScript JS value stringification library. A remote attacker could exploit this vulnerability by providing specially crafted regular expressions during deserialization. This could lead to the exhaustion of JavaScript runtime memory or trigger a Regular Expression...

7.5CVSS5.2AI score0.00481EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : rh-nodejs12-nodejs-nodemon-2.0.3-2.el7, rh-nodejs12-nodejs-12.22.2-1.el7 (AXSA:2021-2259:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2259:02 advisory. nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl CVE-2021-23362 nodejs-ssri: Regular expression DoS ReDoS...

7.5CVSS7.7AI score0.23132EPSS
Exploits3References5
Rows per page
Query Builder