Lucene search
K

182 matches found

SUSE CVE
SUSE CVE
added 2026/03/07 12:25 a.m.4 views

SUSE CVE-2026-29074

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

7.5CVSS5.7AI score0.00612EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.7 views

go-ethereum 输入验证错误漏洞

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.16.9 contained a vulnerability related to input validation errors. This vulnerability allowed attackers to force vulnerable nodes to shut down or crash through specially crafted...

8.7CVSS5.8AI score0.0058EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/02/18 10:35 p.m.8 views

Go Ethereum affected by DoS via malicious p2p message

Impact A vulnerable node can be forced to shutdown/crash using a specially crafted message. More details to be released later. Patches The problem is resolved in the v1.16.9 and v1.17.0 releases of Geth. Credit This issue was reported to the Ethereum Foundation Bug Bounty Program by Waleed Ahmed...

8.7CVSS5.5AI score0.0058EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/02/18 10:35 p.m.1 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation Upgrade github.com/ethereum/go-ethereum/crypto/secp256k1 to version 1.16.9 ...

8.7CVSS5.6AI score0.0058EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/18 10:35 p.m.3 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in elliptic curve verification functions for secp256k1. An attacker can cause a node to crash by sending a malicious p2p payload. Remediation Upgrade github.com/ethereum/go-ethereum/crypto to version 1.16.9 or higher...

8.7CVSS5.6AI score0.0058EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.5 views

PT-2026-8035

Name of the Vulnerable Software and Affected Versions TON Blockchain versions prior to 2025.06 Description A flaw exists in the TON Virtual Machine TVM within the TON Blockchain. The issue resides in the execution logic of the INMSGPARAM instruction, where the program does not validate if a point...

5.8AI score0.00554EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/02/13 12:0 a.m.3 views

CVE-2025-70955

A Stack Overflow vulnerability was discovered in the TON Virtual Machine TVM before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which allow for continuous dynamic tail calls. An attacker can exploit this by crafting a smart contract...

5.8AI score0.00604EPSS
Exploits0References4
Hacker One
Hacker One
added 2026/02/09 8:44 p.m.12 views

Node.js: Assertion error in node_url.cc via malformed URL format leads to Node.js crash

An assertion error in nodeurl.cc via malformed URL format leads to a Node.js crash. A flaw in the URL processing caused an assertion failure in the native code when url.format was called with a malformed internationalized domain name containing invalid characters, crashing the Node.js process. Th...

5.7CVSS6.3AI score0.00325EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/04 12:0 a.m.14 views

Next.js Framework 15.x < 15.6.0-canary.61 / 16.x < 16.1.5 PPR Resume Endpoint DoS (GHSA-5f7q-jpqc-wp7h)

The Next.js Framework on the remote host is affected by a denial of service vulnerability: - A denial of service vulnerability exists in Next.js versions with Partial Prerendering PPR enabled when running in minimal mode. The PPR resume endpoint accepts unauthenticated POST requests with the...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/01/27 12:27 a.m.6 views

SUSE CVE-2026-22862

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...

7.5CVSS6AI score0.00636EPSS
Exploits0References2
OSV
OSV
added 2026/01/26 2:47 p.m.4 views

BIT-NODE-MIN-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.9AI score0.03782EPSS
Exploits0References21
OSV
OSV
added 2026/01/26 2:47 p.m.3 views

BIT-NODE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.9AI score0.03782EPSS
Exploits0References21
NVD
NVD
added 2026/01/20 9:16 p.m.6 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS0.03782EPSS
Exploits0References20
AlpineLinux
AlpineLinux
added 2026/01/20 8:41 p.m.3 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.6AI score0.03782EPSS
Exploits0References20
ATTACKERKB
ATTACKERKB
added 2026/01/20 8:41 p.m.7 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS5.5AI score0.03782EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/01/20 8:41 p.m.32 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS0.03782EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002413)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002413 advisory. The batadvfragmergepackets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length...

7.8CVSS6.5AI score0.05361EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2026/01/14 9:18 p.m.7 views

CVE-2026-22868

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed in 1.16.8...

7.5CVSS6.9AI score0.00569EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/13 9:55 p.m.5 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/eth/fetcher t...

7.5CVSS6.8AI score0.00569EPSS
Exploits0References2
Snyk
Snyk
added 2026/01/13 9:55 p.m.2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the handling of failed KZG verification for p2p messages. An attacker can cause a node to shut down or crash by sending a specially crafted message. Remediation Upgrade github.com/ethereum/go-ethereum/core/txpool t...

7.5CVSS6.8AI score0.00569EPSS
Exploits0References2
Rows per page
Query Builder