182 matches found
SUSE CVE-2026-29074
SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...
go-ethereum 输入验证错误漏洞
go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained a vulnerability related to input validation errors. This vulnerability allowed attackers to force vulnerable nodes to shut down or crash through specially crafted...
Go Ethereum affected by DoS via malicious p2p message
Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation Upgrade github.com/ethereum/go-ethereum/crypto/secp256k1 to version 1.16.9 ...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation Upgrade github.com/ethereum/go-ethereum/crypto to version 1.16.9 or higher...
PT-2026-8035
Name of the Vulnerable Software and Affected Versions TON Blockchain versions prior to 2025.06 Description A flaw exists in the TON Virtual Machine TVM within the TON Blockchain. The issue resides in the execution logic of the INMSGPARAM instruction, where the program does not validate if a point...
CVE-2025-70955
A Stack Overflow vulnerability was discovered in the TON Virtual Machine TVM before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract...
Node.js: Assertion error in node_url.cc via malformed URL format leads to Node.js crash
An assertion error in nodeurl.cc via malformed URL format leads to a Node.js crash. A flaw in the URL processing caused an assertion failure in the native code when url.format was called with a malformed internationalized domain name containing invalid characters, crashing the Node.js process. Th...
Next.js Framework 15.x < 15.6.0-canary.61 / 16.x < 16.1.5 PPR Resume Endpoint DoS (GHSA-5f7q-jpqc-wp7h)
The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the...
SUSE CVE-2026-22862
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...
BIT-NODE-MIN-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
BIT-NODE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002413)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002413 advisory. The batadvfragmergepackets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length...
CVE-2026-22868
go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/eth/fetcher t...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/core/txpool t...