178 matches found

Debian CVE
added 2026/03/30 3:13 p.m. | 3 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

CVSS 5.7 | AI score 6.4 | EPSS 0.00325
Exploits: 0
Github Security Blog
added 2026/03/27 10:19 p.m. | 7 views

Zebra node crash — V5 transaction hash panic (P2P reachable)

Remote Denial of Service via Crafted V5 Transactions. Summary: A vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic (crash). This is triggered by sending a specially crafted V5 transaction that passes initial...

CVSS 9.2 | AI score 6 | EPSS 0.00725
Exploits: 0 | References: 5 | Affected Software: 2
OSV
added 2026/03/27 10:19 p.m. | 3 views

GHSA-QP6F-W4R3-H8WG Zebra node crash — V5 transaction hash panic (P2P reachable)

Remote Denial of Service via Crafted V5 Transactions. Summary: A vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated attacker to cause a Zebra node to panic (crash). This is triggered by sending a specially crafted V5 transaction that passes initial...

CVSS 9.2 | AI score 6 | EPSS 0.00725
Exploits: 0 | References: 5
NVD
added 2026/03/27 10:16 p.m. | 10 views

CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. n), the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...

CVSS 7.5 | EPSS 0.00616
Exploits: 1 | References: 8
ATTACKERKB
added 2026/03/27 9:8 p.m. | 9 views

CVE-2026-33939

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, when a Handlebars template contains decorator syntax referencing an unregistered decorator (e.g. n), the compiled template calls lookupProperty(decorators, "n"), which returns undefined. Th...

CVSS 7.5 | AI score 5.9 | EPSS 0.00616
Exploits: 1 | References: 4 | Affected Software: 1
Snyk
added 2026/03/27 6:21 p.m. | 4 views

Improper Check for Unusual or Exceptional Conditions

Overview: handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the registerDecorator path in lib/handlebars/compiler/javascript-compiler.js. An attacker can crash the Node.js...

CVSS 8.7 | AI score 5.9 | EPSS 0.00616
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/27 12:0 a.m. | 12 views

PT-2026-28604

Name of the Vulnerable Software and Affected Versions: Zebra versions prior to 4.3.0. Description: A flaw exists in Zebra’s transaction processing logic that allows a remote, unauthenticated attacker to cause a Zebra node to crash. This is triggered by sending a specially crafted V5 transaction that...

CVSS 9.2 | AI score 5.9 | EPSS 0.00725
Exploits: 0 | References: 9
Debian CVE
added 2026/03/26 7:49 p.m. | 4 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3 | AI score 5.7 | EPSS 0.00469
Exploits: 1
RedhatCVE
added 2026/03/26 3:7 p.m. | 3 views

CVE-2026-31949

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler...

CVSS 6.5 | AI score 5.8 | EPSS 0.00377
Exploits: 1 | References: 1
NVD
added 2026/03/26 1:16 a.m. | 3 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions (e.g., 100000000..1), allowing an attacker to allocate unlimited memory. Combined wit...

CVSS 7.5 | EPSS 0.00398
Exploits: 1 | References: 2
Snyk
added 2026/03/25 8:8 p.m. | 4 views

Uncontrolled Recursion

Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion in the compose/resolve phase due to using recursive function calls without a depth bound. An attacker can cause the application to throw a RangeError and potentially terminate the Node.js process by supplying a...

CVSS 6.5 | AI score 5.9 | EPSS 0.00469
Exploits: 1 | References: 2
IBM Security Bulletins
added 2026/03/18 3:18 p.m. | 8 views

Security Bulletin: Due to the use of flatted, IBM DevOps Solution Workbench is affected by a stack overflow that crashes the Node.js process (CVE-2026-32141)

Summary: flatted is used internally within IBM DevOps Solution Workbench. Vulnerability Details: CVEID: CVE-2026-32141. DESCRIPTION: flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given...

CVSS 7.5 | AI score 5.9 | EPSS 0.00777
Exploits: 1 | Affected Software: 1
Tenable Nessus
added 2026/03/13 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-2229

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. Impact: The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the...

CVSS 7.5 | AI score 6.8 | EPSS 0.00874
Exploits: 0 | References: 3
OSV
added 2026/03/12 6:16 p.m. | 2 views

DEBIAN-CVE-2026-32141

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

CVSS 7.5 | AI score 7.5 | EPSS 0.00777
Exploits: 1 | References: 1
OSV
added 2026/03/12 6:8 p.m. | 7 views

CVE-2026-32141 flatted: Unbounded recursion DoS in parse() revive phase

flatted is a circular JSON parser. Prior to 3.4.0, flatted's parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When given a crafted payload with deeply nested or self-referential $ indices, the recursion depth is unbounded, causing a stack overflow...

CVSS 7.5 | AI score 5.9 | EPSS 0.00777
Exploits: 1 | References: 5
Positive Technologies
added 2026/03/12 12:0 a.m. | 3 views

PT-2026-25037

Name of the Vulnerable Software and Affected Versions: flatted versions prior to 3.4.0. Description: flatted is a circular JSON parser. The parse function uses a recursive revive phase to resolve circular references in deserialized JSON. When provided with a crafted payload containing deeply nested ...

CVSS 7.5 | AI score 7.7 | EPSS 0.00777
Exploits: 1 | References: 146
SUSE CVE
added 2026/03/07 12:25 a.m. | 4 views

SUSE CVE-2026-29074

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

CVSS 7.5 | AI score 5.7 | EPSS 0.00612
Exploits: 1 | References: 3
CNNVD
added 2026/02/19 12:0 a.m. | 7 views

go-ethereum Input Validation Error Vulnerability

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained a vulnerability related to input validation errors. This vulnerability allowed attackers to force vulnerable nodes to shut down or crash through specially crafted...

CVSS 8.7 | AI score 5.8 | EPSS 0.0058
Exploits: 0 | References: 3
Github Security Blog
added 2026/02/18 10:35 p.m. | 8 views

Go Ethereum affected by DoS via malicious p2p message

Impact: A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches: The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit: This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...

CVSS 8.7 | AI score 5.5 | EPSS 0.0058
Exploits: 0 | References: 6 | Affected Software: 1
Snyk
added 2026/02/18 10:35 p.m. | 3 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation: Upgrade github.com/ethereum/go-ethereum/crypto to version 1.16.9 or higher...

CVSS 8.7 | AI score 5.6 | EPSS 0.0058
Exploits: 0 | References: 2