252644 matches found

CVE
added 2026/03/30 7:7 p.m. | 26 views

CVE-2026-21714

CVE-2026-21714 is a memory leak in Node.js HTTP/2 that occurs when a client sends WINDOW_UPDATE frames on stream 0, preventing proper Http2Session cleanup and potentially exhausting resources. Affected: Node.js 20, 22, 24, and 25. Connected advisories report fixes in downstream distributions: e.g...

CVSS 5.3 | AI score 6.5 | EPSS 0.00454
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/30 7:7 p.m. | 3 views

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

CVSS 5.3 | AI score 6.4 | EPSS 0.00454
Exploits: 0 | References: 1

CVE
added 2026/03/30 7:7 p.m. | 23 views

CVE-2026-21713

CVE-2026-21713 (Node.js HMAC timing side-channel) involves a non-constant-time comparison in HMAC verification, exposing potential timing information proportional to the number of matching bytes. The issue is present across 20.x, 22.x, 24.x, and 25.x releases. The advisories note that Node.js alr...

CVSS 5.9 | AI score 6.5 | EPSS 0.00385
Exploits: 0 | References: 1

ATTACKERKB
added 2026/03/30 7:7 p.m. | 6 views

CVE-2026-21717

A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the...

CVSS 5.9 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/03/30 4:16 p.m. | 3 views

ALPINE-CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

CVSS 5.7 | AI score 6.2 | EPSS 0.00325
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/30 3:13 p.m. | 2 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

CVSS 5.7 | AI score 6.2 | EPSS 0.00325
Exploits: 0 | References: 2

Debian CVE
added 2026/03/30 3:13 p.m. | 2 views

CVE-2026-21712

A flaw in Node.js URL processing causes an assertion failure in native code when url.format is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process...

CVSS 5.7 | AI score 6.4 | EPSS 0.00325
Exploits: 0

Positive Technologies
added 2026/03/30 12:0 a.m. | 4 views

PT-2026-31957

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.24. Description: OpenClaw versions before 2026.3.24 contain an arbitrary code execution vulnerability during local plugin and hook installation. Attackers can exploit this by crafting a malicious .npmrc file wit...

CVSS 8.4 | AI score 6.4 | EPSS 0.00136
Exploits: 1 | References: 9

Tenable Nessus
added 2026/03/30 12:0 a.m. | 15 views

Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2026-1484)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1484 advisory. A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js...

CVSS 8.6 | AI score 5 | EPSS 0.00459
Exploits: 3 | References: 8

Tenable Nessus
added 2026/03/30 12:0 a.m. | 9 views

Amazon Linux 2023 : nodejs22, nodejs22-devel, nodejs22-full-i18n (ALAS2023-2026-1483)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1483 advisory. node-tar is a full-featured Tar for Node.js. When using default options in versions 7.5.7 and below, an attacker-controlled archive can create a hardlink inside the extraction directory that...

CVSS 8.6 | AI score 5.9 | EPSS 0.00408
Exploits: 3 | References: 6

CNNVD
added 2026/03/30 12:0 a.m. | 10 views

Node.js Security Vulnerability

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...

CVSS 5.9 | AI score 6.8 | EPSS 0.00385
Exploits: 0 | References: 1

OSV
added 2026/03/29 10:45 p.m. | 3 views

MAL-2026-2296 Malicious code in bos-decoration-elements (npm)

Source: amazon-inspector (8cb5985779c5099333bec5b084b209c36dea0dd9fa47ef2c2d7c3630c33daaa5). The package bos-decoration-elements was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

vulnersOsv
added 2026/03/29 3:48 p.m. | 7 views

@agentholdings/agent-passport (>=0.1.0 <=0.1.5), @chrysb/alphaclaw (=0.8.3-beta.1) +12 more potentially affected by CVE-2026-35629 via openclaw (>=0.0.1 <=2026.3.24)

openclaw NPM version =0.0.1, =0.1.0, =2026.3.25, =2026.3.24-3, =0.14.39, =0.1.1, =2.0.1, =0.0.7, =0.14.6, =0.1.0, =3.3.2, =3.3.7 Source cves: CVE-2026-35629 Source advisory: OSV:GHSA-RHFG-J8JQ-7V2H...

CVSS 7.4 | AI score 5.4 | EPSS 0.00244
Exploits: 0

OSSF Malicious Packages
added 2026/03/29 11:50 a.m. | 7 views

Malicious code in f0-state-manager (npm)

Source: amazon-inspector (989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072). The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

OSV
added 2026/03/29 11:50 a.m. | 4 views

MAL-2026-2287 Malicious code in f0-state-manager (npm)

Source: amazon-inspector (989b5f62777b6b7fbd236eb28a54b0e42ba48548dc0a49919c5f311c1f1c7072). The package f0-state-manager was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

OSV
added 2026/03/29 10:58 a.m. | 3 views

MAL-2026-2284 Malicious code in bizsignupnodeweb (npm)

Source: amazon-inspector (ceaf1cee13e367f987a97f8de4c8fb4985ab1eedd49be1912467793dce9f0ef9). The package bizsignupnodeweb was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

OSV
added 2026/03/29 10:55 a.m. | 4 views

MAL-2026-2286 Malicious code in sn3akysnak3-test (npm)

Source: amazon-inspector (21fa246103030890351ed5948825f415a78600c6aacb5187dbd840518f744d92). The package sn3akysnak3-test was found to contain malicious code. Source: ossf-package-analysis...

AI score 5.9
Exploits: 0

OSSF Malicious Packages
added 2026/03/29 4:43 a.m. | 5 views

Malicious code in @adac-fahrzeugplattform/ui (npm)

Source: amazon-inspector (779ce69d66db89d0bc1c8b82a373e6fed7e1b6a84d2cdf56bcab4b3076226f5f). The package @adac-fahrzeugplattform/ui was found to contain malicious code. Source: ghsa-malware...

AI score 5.9
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/28 11:9 p.m. | 3 views

CVE-2026-32241

Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension backend is vulnerable to a command injection that...

CVSS 7.5 | AI score 6.2 | EPSS 0.02709
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/28 11:9 p.m. | 6 views

CVE-2026-33976

Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to remote code execution in the desktop app. The root cause is that the clipper preserves attacker-controlled attributes from the sourc...

CVSS 9.6 | AI score 6.5 | EPSS 0.00706
Exploits: 1 | References: 1