Lucene search
K

23 matches found

Cvelist
Cvelist
added 2026/06/22 6:59 p.m.42 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS0.00371EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48619

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This...

7.5CVSS6.4AI score0.00656EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/01/20 9:16 p.m.5 views

CVE-2025-59465

A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...

7.5CVSS7.3AI score0.03782EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29121

Malware in sbrugna...

7.5CVSS6.1AI score0.08794EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2025/05/23 12:0 a.m.12 views

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Windows

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

6.5CVSS6.6AI score0.00466EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/05/23 12:0 a.m.11 views

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Mac OS X

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

6.5CVSS6.7AI score0.00466EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/02/07 7:9 a.m.30 views

CVE-2025-23085

A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory...

5.3CVSS0.01282EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/05/10 8:17 a.m.43 views

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor repackages a vulnerable version of Node.js and express. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By...

8.2CVSS7.9AI score0.87211EPSS
Exploits1Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/03/27 12:0 a.m.44 views

Rocky Linux 8 : nodejs:16 (RLSA-2024:1444)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1444 advisory. - The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited i...

7.5CVSS7.2AI score0.99999EPSS
Exploits19References5
Tenable Nessus
Tenable Nessus
added 2024/03/26 12:0 a.m.48 views

Oracle Linux 9 : nodejs:18 (ELSA-2024-1503)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1503 advisory. - Fixes: CVE-2024-21892 CVE-2024-22019 high Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Not...

7.8CVSS7AI score0.03168EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/09/15 8:18 a.m.22 views

Security Bulletin: IBM Operational Decision Manager August 2023 - Multiple CVEs addressed

Summary IBM Operational Decision Manager is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-2047...

9.8CVSS9.2AI score0.17673EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/28 1:39 a.m.63 views

Security Bulletin: IBM Cognos Analytics is affected but not classified as vulnerable to multiple vulnerabilities

Summary IBM Cognos Analytics is affected but not classified as vulnerable to vulnerabilities, based on current information, in the following 3rd-party components: Stanford coreNLP, FasterXML jackson-databind, SnakeYAML, Dromera Hutool, jsoup, Node.js vm2 and Node.js http-cache-semantics. These...

10CVSS9.5AI score0.72087EPSS
Exploits27Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/30 6:28 p.m.19 views

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js http-cache-semantics module denial of service ( CVE-2022-25881)

Summary Potential Node.js http-cache-semantics module denial of service CVE-2022-25881 has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. Refer to details for additional information. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js...

7.5CVSS6.8AI score0.01613EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/05 7:33 p.m.32 views

Security Bulletin: Node.js http-cache-semantics module is vulnerable to CVE-2022-25881 used in IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Node.js http-cache-semantics module which is vulnerable to CVE-2022-25881. Vulnerability Details CVEID:CVE-2022-25881 DESCRIPTION: Node.js http-cache-semantics module is vulnerable to a denial of service, caused by a regular expression denial of service...

7.5CVSS6.8AI score0.01613EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2023/05/18 5:29 p.m.50 views

SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Impact Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...

9.8CVSS6.8AI score0.57132EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2023/05/18 5:29 p.m.43 views

GHSA-MGC4-WQV7-4PXM SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Impact Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other...

9.8CVSS9.5AI score
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2023/05/18 12:0 a.m.10 views

SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding header

Affected SwiftNIO systems are vulnerable to request smuggling attacks, in which they parse a given HTTP message differently from other network parties, potentially seeing a different number of requests than other servers. This can lead to failures of authentication, routing, and other issues. Thi...

7AI score
Exploits0References9Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/10 6:29 p.m.52 views

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for Febuary 2023

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF018 and 22.0.2-IF002. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of servic...

7.5CVSS8.4AI score0.91153EPSS
Exploits13Affected Software2
OSV
OSV
added 2022/07/14 3:15 p.m.2 views

DEBIAN-CVE-2022-32215

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling HRS...

6.5CVSS6.6AI score0.68796EPSS
Exploits1References1
OSV
OSV
added 2022/07/14 3:15 p.m.2 views

ALPINE-CVE-2022-32214

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling HRS...

6.5CVSS7AI score0.77278EPSS
Exploits1References1
Rows per page
Query Builder