
17 matches found

OSV
added 2026/06/17 4:20 a.m. · 12 views

MAL-2026-5985 Malicious code in node-path-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 180db640dc8207694eb4629834f74b740d7efc9febf26067d190e10656fe04e9 Package name node-path-utils and its README/description claim it is 'an exact copy of the NodeJS path module', impersonating the Node.js core path...

6.1 AI score
Exploits: 0 · References: 2

OSSF Malicious Packages
added 2026/06/17 4:20 a.m. · 7 views

Malicious code in node-path-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 180db640dc8207694eb4629834f74b740d7efc9febf26067d190e10656fe04e9 Package name node-path-utils and its README/description claim it is 'an exact copy of the NodeJS path module', impersonating the Node.js core path...

6.1 AI score
Exploits: 0 · References: 2

Tenable Nessus
added 2026/06/05 12:0 a.m. · 9 views

Xen: Xenstored DoS by unprivileged domain (XSA-481)

Any guest issuing a Xenstore command accessing a node using the illegal node path '/local/domain/', will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

7.1 CVSS · 5.5 AI score · 0.00181 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2026/05/04 8:8 p.m. · 6 views

CVE-2026-42220

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5 CVSS · 5.7 AI score · 0.00299 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2026/05/04 8:8 p.m. · 7 views

CVE-2026-42220 nginx-ui: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.8, an authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret...

6.5 CVSS · 5.7 AI score · 0.00299 EPSS
Exploits: 1 · References: 2

Positive Technologies
added 2026/04/21 12:0 a.m. · 10 views

PT-2026-36920

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.8 Description An authenticated user can access the 'GET /api/settings' endpoint to retrieve sensitive configuration values, such as node.secret. This secret is accepted by the AuthRequired function via the...

6.8 CVSS · 5.8 AI score · 0.00299 EPSS
Exploits: 1 · References: 12

Github Security Blog
added 2026/04/17 9:32 p.m. · 11 views

Complete Bypass of CVE-2026-24884 Patch via Git-Delivered Symlink Poisoning in compressing

Executive Summary This report documents a critical security research finding in the compressing npm package specifically tested on the latest v2.1.0. The core vulnerability is a Partial Fix Bypass of CVE-2026-24884. The current patch relies on a purely logical string validation within the...

8.4 CVSS · 6 AI score · 0.00334 EPSS
Exploits: 2 · References: 3 · Affected Software: 1

RedhatCVE
added 2026/03/23 10:53 a.m. · 4 views

CVE-2026-23555

A flaw was found in Xenstored, the daemon responsible for the Xenstore key-value store in Xen virtual machines. An unprivileged guest can exploit this vulnerability by issuing a Xenstore command that accesses a node using an illegal node path. This can cause Xenstored to crash, leading to a Denia...

7.1 CVSS · 5.8 AI score · 0.00181 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2026/03/23 6:57 a.m. · 1 view

CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

7.1 CVSS · 5.8 AI score · 0.00181 EPSS
Exploits: 0 · References: 2

Debian CVE
added 2026/03/23 6:57 a.m. · 3 views

CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the illegal node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert statement in xenstored. In case xenstored is...

7.1 CVSS · 5.3 AI score · 0.00181 EPSS
Exploits: 0

CNNVD
added 2026/03/23 12:0 a.m. · 9 views

Xen Security Vulnerability

Xen is an open-source virtual machine monitor product developed by Xen. This product allows different and incompatible operating systems to run on the same computer. It also supports migration during runtime, ensuring smooth operation and avoiding downtime. Xen has a security vulnerability, which...

7.1 CVSS · 5.9 AI score · 0.00181 EPSS
Exploits: 0 · References: 5

SUSE CVE
added 2025/12/10 12:39 a.m. · 11 views

SUSE CVE-2022-50639

In the Linux kernel, the following vulnerability has been resolved: io-wq: Fix memory leak in worker creation. If the CPU mask allocation for a node fails, then the memory allocated for the 'io_wqe' struct of the current node doesn't get freed on the error handling path, since it has not yet been...

5.5 CVSS · 6.4 AI score · 0.00166 EPSS
Exploits: 0 · References: 3

Tenable Nessus
added 2025/10/07 12:0 a.m. · 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-986893)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986893 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: sparcspkr - fix refcount leak in bbc_beep_probe. of_find_node_by_path calls of_find_node_opts_by_path,...

5.5 CVSS · 5.7 AI score · 0.00253 EPSS
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 9 views

EUVD-2022-55370

Malicious code in bioql PyPI...

7.1 AI score · 0.00156 EPSS
Exploits: 0 · References: 8

OSV
added 2025/06/10 10:15 a.m. · 2 views

CVE-2025-40661

An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp...

7.5 CVSS · 5.7 AI score · 0.00279 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2022/12/16 12:0 a.m. · 4 views

PT-2022-14767 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13. Description: The issue is related to a possible out of bounds read in the ufdt_get_node_by_path_len function of ufdt_convert.c due to a missing bounds check. This could lead to local information disclosure, requiri...

4.4 CVSS · 4.3 AI score · 0.0017 EPSS
Exploits: 0 · References: 2

CNVD
added 2020/05/08 12:0 a.m. · 3 views

Advantech WebAccess Node Path Traversal Vulnerability (CNVD-2020-29742)

Advantech WebAccess is a browser-based SCADA software package for monitoring, data acquisition and visualization. It is used to automate complex industrial processes where remote operation is required. A path traversal vulnerability exists in Advantech WebAccess Node, which can be exploited by an...

8.8 CVSS · 7 AI score · 0.02312 EPSS
Exploits: 0 · References: 1