Lucene search
K

4512 matches found

NVD
NVD
added 2026/06/15 9:17 p.m.12 views

CVE-2026-48886

Unauthenticated SQL Injection in JS Help Desk = 3.0.9 versions...

9.3CVSS0.00283EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/15 8:15 p.m.28 views

UAParser.js: Unbounded `Sec-CH-UA-Model` parsing can trigger ReDoS in `withClientHints()`

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.4AI score
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/06/15 5:15 p.m.9 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and...

6.9CVSS5.3AI score0.00259EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:15 p.m.64 views

JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

Summary A crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relative...

5.3CVSS5.5AI score0.00259EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/06/15 5:15 p.m.7 views

GHSA-H67P-54HQ-RP68 JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

Summary A crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relative...

5.3CVSS5.6AI score0.00259EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/15 12:51 p.m.10 views

EUVD-2026-36721

Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Engine Faust.Js allows Password Recovery Exploitation. This issue affects Faust.Js: from n/a through 1.8.7...

8.8CVSS5.2AI score0.0029EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/15 8:8 a.m.8 views

Information Exposure

Axios is vulnerable to Information Exposure. The vulnerability is due to improper handling of the Proxy-Authorization header in the Node.js HTTP adapter, where proxy credentials can be forwarded to a redirected destination during certain proxy-to-direct redirect flows, allowing an...

8.2CVSS5.3AI score0.00689EPSS
Exploits1References28Affected Software1
NVD
NVD
added 2026/06/15 3:16 a.m.16 views

CVE-2026-12208

A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible ...

6.9CVSS0.00314EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49551

Summary A regular expression denial-of-service ReDoS vulnerability has been discovered in ua-parser-js when using the Client Hints API. By sending a crafted Sec-CH-UA-Model header to an application that calls UAParserheaders.withClientHints, an attacker can cause the parser to spend excessive CPU...

5.3CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.53 views

PT-2026-49573

Name of the Vulnerable Software and Affected Versions js-yaml versions prior to 4.2.0 Description A crafted YAML document can trigger algorithmic CPU exhaustion during merge-key processing by repeating the same alias multiple times in a merge sequence. This results in quadratic parse-time behavio...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References19
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:38 p.m.10 views

Malicious code in chalk-plus-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5351482f03a50cab8a28b6aa7c992c960a55c6889634d2a04bb86a157ac18d1 Package is published under a name riding the popular chalk color-output library but its source tree, README, main entry lib/nodemailer.js, and lib...

5.3AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48997

Name of the Vulnerable Software and Affected Versions MISP affected versions not specified Description A reflected cross-site scripting issue exists in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping within a single-quoted...

5.3CVSS4.9AI score0.00256EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/11 9:0 p.m.12 views

Malicious Package

Overview @solana-labs/web3.js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Snyk
Snyk
added 2026/06/11 9:0 p.m.10 views

Malicious Package

Overview solana-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
OSV
OSV
added 2026/06/11 8:54 p.m.3 views

USN-8425-1 libnginx-mod-js vulnerability

It was discovered that njs did not properly handle certain client- controlled variables when processing ngx.fetch requests. An attacker could possibly use this issue to trigger a heap buffer overflow, resulting in arbitrary code execution or a denial of service...

9.8CVSS6.3AI score0.00889EPSS
Exploits0References2
OSV
OSV
added 2026/06/11 5:16 p.m.4 views

DEBIAN-CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.3AI score0.00552EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.13 views

CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

8.2CVSS0.00689EPSS
Exploits1References25
Cvelist
Cvelist
added 2026/06/11 3:39 p.m.82 views

CVE-2026-44486 Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS0.00552EPSS
Exploits1References1
CVE
CVE
added 2026/06/11 3:39 p.m.33 views

CVE-2026-44486

Axios (Node.js) prior to 0.32.0 and 1.16.0 is vulnerable to leaking Proxy-Authorization credentials to a redirect target when using an authenticated proxy and automatic redirects. If a request uses a proxy and follows a redirect that switches to a direct connection, a stale Proxy-Authorization he...

7.5CVSS5.5AI score0.00552EPSS
Exploits1References20Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/11 3:39 p.m.9 views

CVE-2026-44486 Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.4AI score0.00552EPSS
Exploits1References1
Rows per page
Query Builder