
18 matches found

OSV
added 2026/06/23 2:50 p.m. · 4 views

BIT-NODE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

CVSS 1.8 · AI score 5.9 · EPSS 0.00208
Exploits 0 · References 3

NVD
added 2026/06/18 5:16 p.m. · 9 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

CVSS 1.8 · EPSS 0.00208
Exploits 0 · References 2

AlpineLinux
added 2026/06/18 4:21 p.m. · 5 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

CVSS 1.8 · AI score 5.8 · EPSS 0.00208
Exploits 0

EUVD
added 2026/06/18 4:21 p.m. · 9 views

EUVD-2026-37914

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

CVSS 1.8 · AI score 4.7 · EPSS 0.00208
Exploits 0 · References 2

RedhatCVE
added 2026/04/25 11:54 a.m. · 13 views

CVE-2026-41678

A flaw was found in rust-openssl, a library providing OpenSSL bindings for the Rust programming language. A remote attacker could exploit an incorrect assertion in the aes::unwrapkey function. This flaw causes the function to incorrectly validate buffer sizes, allowing a smaller output buffer tha...

CVSS 9.8 · AI score 6 · EPSS 0.00294
Exploits 0 · References 2

OSV
added 2026/03/16 8:27 p.m. · 3 views

GO-2026-4514 Denial of service in github.com/buger/jsonparser

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack...

CVSS 7.5 · AI score 5.8 · EPSS 0.0075
Exploits 1 · References 2

Github Security Blog
added 2026/02/26 3:22 p.m. · 7 views

TerriaJS-Server has a domain validation bypass vulnerability in its proxy allowlist

Impact: A validation bug allows an attacker to proxy domains not explicitly allowed in the proxyableDomains configuration. The validation only checks if a hostname ended with an allowed domain. This meant: If example.com is allowed in proxyableDomains: - ✅ example.com is allowed (correct) - ✅...

CVSS 8.7 · AI score 5.3 · EPSS 0.00241
Exploits 0 · References 5 · Affected Software 1

Tenable Nessus
added 2025/12/01 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-12893

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clients may successfully perform a TLS handshake with a MongoDB server despite presenting a client certificate not aligning with the documented Extended Key Usa...

CVSS 5.4 · AI score 6 · EPSS 0.00084
Exploits 0 · References 2

NVD
added 2025/11/05 6:15 a.m. · 4 views

CVE-2025-6027

The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated user, such as a subscriber, to reset the password of arbitrary accounts, including administrators...

CVSS 6.3 · EPSS 0.00158
Exploits 0 · References 1

Positive Technologies
added 2025/01/13 12:0 a.m. · 6 views

PT-2025-4781 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6. Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionar tipo quadro horario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious...

CVSS 6.4 · AI score 5.6 · EPSS 0.00273
Exploits 1 · References 8

CNNVD
added 2025/01/07 12:0 a.m. · 4 views

Mozilla Firefox Security Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability previously existed in Mozilla Firefox version 134, which stemmed from a failure of ALPN to properly validate certificates when using Alt-Svc if the originating server redirecte...

CVSS 4 · AI score 6.6 · EPSS 0.00228
Exploits 0 · References 6

CNNVD
added 2023/02/23 12:0 a.m. · 3 views

SUSE Multiple Products Security Vulnerability

SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from SUSE, Germany. A security vulnerability exists in SUSE that stems from BCrypt hash misvalidation and affects the following products and versions: openSUSE Leap 15.4, SUSE Enterprise Storage 7, SUSE...

CVSS 8.1 · AI score 6.7 · EPSS 0.00944
Exploits 1 · References 8

RedHat Linux
added 2022/06/28 7:58 a.m. · 2 views

nodejs: Improper handling of URI Subject Alternative Names

A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry, as opposed to what is specified by the HTTPS protocol. This flaw allows an active person-in-the-middle to forge a certificate and impersonate a trusted host...

CVSS 7.4 · AI score 7.3 · EPSS 0.08373
Exploits 0 · References 5

IBM Security Bulletins
added 2022/05/26 1:19 a.m. · 40 views

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of Node.js. Vulnerability Details: CVEID: CVE-2021-44532. DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by a string injection vulnerability when name constraints were us...

CVSS 8.2 · AI score 7.1 · EPSS 0.21514
Exploits 3 · Affected Software 1

Github Security Blog
added 2022/05/24 5:41 p.m. · 6 views

Square OkHttp can accept the wrong certificate

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.5 · AI score 7.6 · EPSS 0.00877
Exploits 0 · References 6 · Affected Software 1

OSV
added 2020/09/25 7:15 p.m. · 25 views

PYSEC-2020-276

In Tensorflow version 2.3.0, the SparseCountSparseOutput and RaggedCountSparseOutput implementations don't validate that the weights tensor has the same shape as the data. The check exists for DenseCountSparseOutput, where both tensors are fully specified. In the sparse and ragged count weights a...

CVSS 9.9 · AI score 2.1 · EPSS 0.00902
Exploits 1 · References 3

OSV
added 2016/06/17 3:59 p.m. · 5 views

CVE-2016-5433

Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors...

CVSS 6.1 · AI score 5.8 · EPSS 0.00417
Exploits 0 · References 1

OSV
added 2016/04/06 6:59 a.m. · 9 views

USN-2947-2 linux-lts-wily vulnerabilities

Ralf Spenneberg discovered that the usbvision driver in the Linux kernel did not properly validate the interfaces and endpoints reported by the device. An attacker with physical access could cause a denial of service (system crash). (CVE-2015-7833) Venkatesh Pottem discovered a use-after-free...

CVSS 10 · AI score 7.1 · EPSS 0.14281
Exploits 1 · References 7