252660 matches found
-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1133 more potentially affected by CVE-2026-33891 via node-forge (>=1.0.0 <=1.3.3)
node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more Source cves: CVE-2026-33891 Source advisory: SNYK:JS-NODEFORGE-15789769...
-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41756 more potentially affected by CVE-2026-33891 via node-forge (>=0.10.0 <=1.3.3)
node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...
org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33891 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)
org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1 Source cves: CVE-2026-33891 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789770...
Infinite loop
Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely...
Infinite loop
Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely and consume excessive CPU resources by supplying a zero value as input, resulti...
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...
2mxdev-gql-gateway (=1.0.0), 4m-node-server (>=0.0.1 <=0.0.8) +3154 more potentially affected by unknown CVE via apollo-server-core (>=1.3.2 <=3.13.0)
apollo-server-core NPM version =1.3.2, =0.0.1, =1.0.2, =0.0.80, =3.10.1, =1.2.0-pre.24, =1.0.1, =1.0.0, =1.0.0, =0.5.0, =1.0.0, =0.1.3, =0.1.0, =0.4.52, =0.0.1, =0.0.5 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9Q82-XGWF-VJ6H...
CVE-2026-4933
A flaw was found in Drupal's Unpublished Node Permissions module. This incorrect authorization vulnerability allows an attacker to bypass intended access controls, potentially enabling them to view unpublished content through forceful browsing...
EUVD-2026-16395
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...
OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement
Summary Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
CVE-2026-0748
In the Drupal 7 Internationalization i18n module, the i18nnode submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...
CVE-2026-4933
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...
CVE-2026-1556
Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename‑collision uploads. This can cause hooknodeinsert consumers for example, email attachment...
GO-2026-4856 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium
Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium...
CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...
CVE-2026-4933
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...
CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029
Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...
CVE-2026-4933
CVE-2026-4933: Drupal Unpublished Node Permissions contains an incorrect authorization flaw in which unpublished content can be accessed via forceful browsing. Affected component is the Unpublished Node Permissions module prior to version 1.7.0. The vulnerability permits bypassing intended access...
CVE-2026-33532
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
LDAP Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to LDAP Injection via the LDAP node's filter escape. An attacker can retrieve unauthorized LDAP records or bypass authentication checks by injecting specially crafted input into LDAP search parameters...