Lucene search
K

252647 matches found

UbuntuCve
UbuntuCve
added 2026/03/26 10:16 p.m.8 views

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...

6.9CVSS5.8AI score0.00391EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2026/03/26 10:5 p.m.5 views

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1133 more potentially affected by CVE-2026-33896 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33896 Source advisory: SNYK:JS-NODEFORGE-15789771...

9.1CVSS5.7AI score0.00303EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/26 10:5 p.m.8 views

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33896 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33896 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789772...

9.1CVSS5.8AI score0.00303EPSS
Exploits1
Snyk
Snyk
added 2026/03/26 10:5 p.m.7 views

Improper Certificate Validation

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCertificateChain function. An attacker can gain...

9.1CVSS6.7AI score0.00303EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/26 10:5 p.m.4 views

Improper Certificate Validation

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCertificateChain function. An attacker can gain unauthorized certificate authority capabilities by presenting a certificate chain where ...

9.1CVSS6.7AI score0.00303EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/26 10:4 p.m.6 views

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1133 more potentially affected by CVE-2026-33895 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33895 Source advisory: SNYK:JS-NODEFORGE-15789767...

7.5CVSS5.7AI score0.00338EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 10:4 p.m.6 views

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41756 more potentially affected by CVE-2022-35961 +2 more via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

8.1CVSS6.8AI score0.00338EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 10:4 p.m.6 views

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33895 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33895 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789768...

7.5CVSS5.8AI score0.00338EPSS
Exploits0
Snyk
Snyk
added 2026/03/26 10:4 p.m.7 views

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the ed25519.verify function. An attacker can bypas...

8.7CVSS5.9AI score0.00338EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/03/26 10:2 p.m.5 views

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1133 more potentially affected by CVE-2026-33894 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33894 Source advisory: SNYK:JS-NODEFORGE-15789773...

7.5CVSS5.7AI score0.00339EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 10:2 p.m.5 views

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41756 more potentially affected by CVE-2026-33894 via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

7.5CVSS5.7AI score0.00339EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/26 10:2 p.m.8 views

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33894 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33894 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789774...

7.5CVSS5.8AI score0.00339EPSS
Exploits0
Snyk
Snyk
added 2026/03/26 10:2 p.m.5 views

Improper Verification of Cryptographic Signature

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in ASN.1 structures during RSA signature verification...

8.7CVSS5.9AI score0.00339EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/03/26 9:57 p.m.7 views

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1133 more potentially affected by CVE-2026-33891 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33891 Source advisory: SNYK:JS-NODEFORGE-15789769...

7.5CVSS5.7AI score0.0058EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/26 9:57 p.m.7 views

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41756 more potentially affected by CVE-2026-33891 via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

7.5CVSS5.7AI score0.0058EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/26 9:57 p.m.10 views

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33891 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33891 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789770...

7.5CVSS5.8AI score0.0058EPSS
Exploits1
Snyk
Snyk
added 2026/03/26 9:57 p.m.6 views

Infinite loop

Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely...

8.7CVSS5.9AI score0.0058EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/26 9:57 p.m.2 views

Infinite loop

Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely and consume excessive CPU resources by supplying a zero value as input, resulti...

8.7CVSS5.9AI score0.0058EPSS
Exploits1References2
OSV
OSV
added 2026/03/26 9:57 p.m.1 views

GHSA-5M6Q-G25R-MVWX Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

7.5CVSS5.8AI score0.0058EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/26 9:57 p.m.6 views

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

7.5CVSS5.8AI score0.0058EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder