Lucene search
K

397 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.7 views

BIT-NODE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.7CVSS7.1AI score0.00674EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 8:51 a.m.6 views

BIT-NODE-MIN-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS6.1AI score0.00371EPSS
Exploits1References5
F5 Networks
F5 Networks
added 2026/06/26 6:39 a.m.10 views

K000161920: Node.js vulnerability CVE-2026-48619

Security Advisory Description A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26. CVE-2026-48619 Impa...

7.5CVSS6.3AI score0.00656EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.43 views

CVE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

4.2CVSS0.00256EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/22 10:21 p.m.6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the HTTP Agent. An attacker can cause a client to accept a response as valid before the client has sent its request by exploiting the timing of HTTP responses. Remediation A fix was...

6.3CVSS6.2AI score0.00371EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-48617

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypas...

1.8CVSS6.2AI score0.00208EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Node.js

Node.js versions prior to 16.6.1, 14.17.5, and 12.22.5 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...

7.5CVSS6.7AI score0.13861EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Node.js

Due to the formatting logic of the "console.table" function, it is not safe to allow user-controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "proto". This approach causes prototy...

8.2CVSS6.3AI score0.21514EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Node.js

If the Node.js HTTPS API was used incorrectly, and “undefined” was passed as the “rejectUnauthorized” parameter, no error would be returned, and connections to servers with expired certificates would be accepted...

5.3CVSS6.4AI score0.1473EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Node.js

Node.js versions before 16.6.0, 14.17.4, and 12.22.4 are vulnerable to a “use after free” attack, where an attacker could exploit memory corruption to alter the behavior of the process...

9.8CVSS6.7AI score0.37286EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.16 views

RHEL 9 : nodejs:20 (RHSA-2026:9874)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9874 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

8.7CVSS7.4AI score0.26356EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.11 views

nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

5.9CVSS6.6AI score0.00283EPSS
Exploits0References5
Redos
Redos
added 2026/04/10 12:0 a.m.8 views

ROS-20260410-73-0003

A vulnerability in the Node.js software platform involves cross-boundary critical data deletion errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of protected information...

7.1CVSS7.3AI score0.03493EPSS
Exploits0
Redos
Redos
added 2026/04/10 12:0 a.m.9 views

ROS-20260410-73-0004

A vulnerability in the Node.js software platform involves an incorrect restriction of the path name of a restricted directory. Exploitation of the vulnerability could allow an attacker to compromise the system...

9.1CVSS7.3AI score0.01633EPSS
Exploits2
Redos
Redos
added 2026/04/10 12:0 a.m.9 views

ROS-20260410-73-0002

A vulnerability in the Node.js software platform involves cross-boundary critical data deletion errors. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality and integrity of protected information...

7.1CVSS7.3AI score0.03493EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.3 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.3AI score0.00159EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/04/07 7:10 a.m.133 views

Exploit for Improper Input Validation in Nodejs Node.Js

Node.js-specific security flaws Constant Hashtable Seeds...

7.5CVSS7.3AI score0.05478EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/31 10:11 p.m.5 views

CVE-2026-21716

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.8CVSS6.2AI score0.00159EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/31 9:42 p.m.4 views

CVE-2026-21717

A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by...

5.9CVSS5.8AI score0.00283EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/27 2:26 p.m.6 views

CVE-2021-27191

The get-ip-range package before 4.0.0 for Node.js is vulnerable to denial of service DoS if the range is untrusted input. An attacker could send a large range such as 128.0.0.0/1 that causes resource exhaustion...

7.5CVSS6.6AI score0.02031EPSS
Exploits1References1
Rows per page
Query Builder