Lucene search
K

38 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-0421

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.0276EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-7419

Malicious code in bioql PyPI...

7.1CVSS7AI score0.01939EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-23166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the...

7.5CVSS7.3AI score0.00763EPSS
Exploits0References2
OSV
OSV
added 2025/05/21 6:0 a.m.8 views

BIT-NODE-MIN-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.4AI score0.00763EPSS
Exploits0References2
OSV
OSV
added 2025/05/21 6:0 a.m.5 views

BIT-NODE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS6.6AI score0.00763EPSS
Exploits0References2
NVD
NVD
added 2025/05/19 2:15 a.m.14 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS0.00763EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 2:15 a.m.9 views

AZL-65066 CVE-2025-23166 affecting package nodejs18 for versions less than 18.20.3-8

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.2AI score0.00763EPSS
Exploits0References1
OSV
OSV
added 2025/05/19 2:15 a.m.6 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7AI score
Exploits0References1
OSV
OSV
added 2025/05/19 2:15 a.m.5 views

AZL-61919 CVE-2025-23166 affecting package nodejs for versions less than 20.14.0-9

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.2AI score0.00763EPSS
Exploits0References1
CVE
CVE
added 2025/05/19 1:25 a.m.133 views

CVE-2025-23166

The CVE-2025-23166 issue affects Node.js and stems from SignTraits::DeriveBits() potentially calling ThrowException() with user-controlled inputs when run in a background thread, leading to a crash of the Node.js runtime. Public advisories in the Connected documents confirm affected packages (e.g...

7.5CVSS6.8AI score0.00763EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/19 1:25 a.m.4 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS7.5AI score0.00763EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/05/19 1:25 a.m.4 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5CVSS6.8AI score0.00763EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/02/06 3:56 a.m.7 views

CVE-2021-39157

detect-character-encoding is an open source character encoding inspection library. In detect-character-encoding v0.6.0 and earlier, data matching no charset causes the Node.js process to crash. The problem has been patched in detect-character-encoding v0.7.0. No workaround are available and all...

7.5CVSS6.6AI score0.02068EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/06 3:55 a.m.9 views

CVE-2021-39131

ced detects character encoding using Google’s compactencdet library. In ced v0.1.0, passing data types other than Buffer causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a Buffer using Buffer.isBuffero...

7.5CVSS6.6AI score0.01891EPSS
Exploits1References1
Amazon
Amazon
added 2024/11/14 12:0 a.m.4 views

Medium: nodejs

Issue Overview: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js...

6.5CVSS7.2AI score0.00929EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/05/27 3:44 p.m.13 views

CVE-2023-32695 Insufficient validation when decoding a Socket.IO packet

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3...

7.3CVSS7.5AI score0.01059EPSS
Exploits0References4
OSV
OSV
added 2021/08/17 11:15 p.m.11 views

CVE-2021-39131

ced detects character encoding using Google’s compactencdet library. In ced v0.1.0, passing data types other than Buffer causes the Node.js process to crash. The problem has been patched in ced v1.0.0. As a workaround, before passing an argument to ced, verify it’s a Buffer using Buffer.isBuffero...

7.5CVSS6.7AI score
Exploits0References3
Snyk
Snyk
added 2021/06/17 3:54 p.m.4 views

Denial of Service (DoS)

Overview xlsx is a Parser and writer for various spreadsheet formats. Affected versions of this package are vulnerable to Denial of Service DoS. An attacker who can send a malicious excel file parsed by this library can crash the Node.JS process. Note: xlsx package after version 0.18.5 is...

7.5CVSS9.2AI score0.0088EPSS
Exploits0References2
Rows per page
Query Builder