252660 matches found

vulnersOsv
added 2026/03/26 9:57 p.m., 7 views

-fides-amor-et-lux (=1.0.0), 1ib (>=1.0.9 <=1.0.11) +1133 more potentially affected by CVE-2026-33891 via node-forge (>=1.0.0 <=1.3.3)

node-forge NPM version =1.0.0, =1.0.9, =1.0.0, =7.10.2-para-beta.0, =1.3.0-patch.0, =0.0.1-custom-install-dir, =1.2.1, =1.0.0, =1.0.0, =1.2.6, =1.23.2, =1.35.0 - @arextest/arex-request-runtime =7.36.3 and more. Source CVEs: CVE-2026-33891. Source advisory: SNYK:JS-NODEFORGE-15789769...

CVSS 7.5, AI score 5.7, EPSS 0.0058
Exploits: 1
vulnersOsv
added 2026/03/26 9:57 p.m., 7 views

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41756 more potentially affected by CVE-2026-33891 via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

CVSS 7.5, AI score 5.7, EPSS 0.0058
Exploits: 1
vulnersOsv
added 2026/03/26 9:57 p.m., 10 views

org.webjars.npm:github-com-cisco-node-jose (=2.2.0), org.webjars.npm:google-auth-library (>=1.6.1 <=6.1.6) +7 more potentially affected by CVE-2026-33891 via org.webjars.npm:node-forge (>=0.10.0 <=1.3.3)

org.webjars.npm:node-forge MAVEN version =0.10.0, =1.6.1, =1.0.2, =2.3.2, =1.10.2, =2.1.1. Source CVEs: CVE-2026-33891. Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15789770...

CVSS 7.5, AI score 5.8, EPSS 0.0058
Exploits: 1
Snyk
added 2026/03/26 9:57 p.m., 6 views

Infinite loop

Overview: node-forge is a JavaScript implementation of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely...

CVSS 8.7, AI score 5.9, EPSS 0.0058
Exploits: 1, References: 2
Snyk
added 2026/03/26 9:57 p.m., 2 views

Infinite loop

Overview: org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely and consume excessive CPU resources by supplying a zero value as input, resulti...

CVSS 8.7, AI score 5.9, EPSS 0.0058
Exploits: 1, References: 2
Github Security Blog
added 2026/03/26 9:57 p.m., 6 views

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary: A Denial of Service (DoS) vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

CVSS 7.5, AI score 5.8, EPSS 0.0058
Exploits: 1, References: 4, Affected Software: 1
vulnersOsv
added 2026/03/26 9:53 p.m., 9 views

2mxdev-gql-gateway (=1.0.0), 4m-node-server (>=0.0.1 <=0.0.8) +3154 more potentially affected by unknown CVE via apollo-server-core (>=1.3.2 <=3.13.0)

apollo-server-core NPM version =1.3.2, =0.0.1, =1.0.2, =0.0.80, =3.10.1, =1.2.0-pre.24, =1.0.1, =1.0.0, =1.0.0, =0.5.0, =1.0.0, =0.1.3, =0.1.0, =0.4.52, =0.0.1, =0.0.5 and more. Source CVEs: unknown CVE. Source advisory: OSV:GHSA-9Q82-XGWF-VJ6H...

AI score 5.7
Exploits: 0
RedhatCVE
added 2026/03/26 9:42 p.m., 6 views

CVE-2026-4933

A flaw was found in Drupal's Unpublished Node Permissions module. This incorrect authorization vulnerability allows an attacker to bypass intended access controls, potentially enabling them to view unpublished content through forceful browsing...

AI score 5.7, EPSS 0.00232
Exploits: 0, References: 2
EUVD
added 2026/03/26 9:31 p.m., 7 views

EUVD-2026-16395

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

AI score 5.8, EPSS 0.00232
Exploits: 0, References: 2
Github Security Blog
added 2026/03/26 9:24 p.m., 6 views

OpenClaw's mutating internal ACP chat commands missed operator.admin scope enforcement

Summary: Mutating internal ACP chat commands missed the operator.admin gate that should separate read-only and mutating control-plane actions. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...

AI score 5.8
Exploits: 0, References: 3, Affected Software: 1
ATTACKERKB
added 2026/03/26 9:17 p.m., 2 views

CVE-2026-0748

In the Drupal 7 Internationalization (i18n) module, the i18n_node submodule allows a user with both "Translate content" and "Administer content translations" permissions to view and attach unpublished nodes via the translation UI and its autocomplete widget. This bypasses intended access controls an...

CVSS 5.3, AI score 5.7, EPSS 0.00405
Exploits: 1, References: 3, Affected Software: 1
NVD
added 2026/03/26 9:17 p.m., 5 views

CVE-2026-4933

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

CVSS 7.5, EPSS 0.00232
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/26 9:14 p.m., 6 views

CVE-2026-1556

Information disclosure in the file URI processing of File Field Paths in Drupal File Field Paths 7.x prior to 7.1.3 on Drupal 7.x allows authenticated users to disclose other users’ private files via filename-collision uploads. This can cause hook_node_insert consumers for example, email attachment...

CVSS 6.9, AI score 5.8, EPSS 0.00391
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2026/03/26 8:33 p.m., 4 views

GO-2026-4856 Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic in github.com/cilium/cilium...

CVSS 5.4, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 6
Cvelist
added 2026/03/26 8:10 p.m., 20 views

CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

EPSS 0.00232
Exploits: 0, References: 1
ATTACKERKB
added 2026/03/26 8:10 p.m., 10 views

CVE-2026-4933

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

AI score 5.8, EPSS 0.00232
Exploits: 0, References: 2
Vulnrichment
added 2026/03/26 8:10 p.m., 2 views

CVE-2026-4933 Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing. This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0...

AI score 5.9, EPSS 0.00232
Exploits: 0, References: 1
CVE
added 2026/03/26 8:10 p.m., 8 views

CVE-2026-4933

CVE-2026-4933: Drupal Unpublished Node Permissions contains an incorrect authorization flaw in which unpublished content can be accessed via forceful browsing. Affected component is the Unpublished Node Permissions module prior to version 1.7.0. The vulnerability permits bypassing intended access...

CVSS 7.5, AI score 5.8, EPSS 0.00232
Exploits: 0, References: 1, Affected Software: 1
Debian CVE
added 2026/03/26 7:49 p.m., 4 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 5.7, EPSS 0.00469
Exploits: 1
Snyk
added 2026/03/26 6:30 p.m., 3 views

LDAP Injection

Overview: n8n-nodes-base contains the base nodes of n8n. Affected versions of this package are vulnerable to LDAP Injection via the LDAP node's filter escape. An attacker can retrieve unauthorized LDAP records or bypass authentication checks by injecting specially crafted input into LDAP search parameters...

CVSS 6.3, AI score 5.9, EPSS 0.00245
Exploits: 0, References: 2