Lucene search
+L

20 matches found

osv
osv
added 2026/07/06 8:22 p.m.3 views

SUSE-SU-2026:22565-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to version 24.18.0 bsc1269825. Security issues fixed: - CVE-2026-2581: undici: denial of service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: response queue poisoning on reused keep-alive sockets can lead ...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References44
osv
osv
added 2026/06/30 9:6 a.m.3 views

SUSE-SU-2026:2695-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: - CVE-2026-48618: tls: normalize hostname for server identity checks bsc1268593. - CVE-2026-48933: crypto: guard WebCrypto cipher output length bsc1268592. - CVE-2026-48615: lib,test: redact proxy credentials in tunnel errors bsc1268598. -...

9.8CVSS6.1AI score0.02806EPSS
Exploits3References39
redhatcve
redhatcve
added 2026/06/05 7:18 p.m.11 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...

8.7CVSS5.5AI score0.00346EPSS
Exploits0References1
nessus
nessus
added 2026/06/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-9496

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References3
susecve
susecve
added 2026/05/27 2:52 a.m.17 views

SUSE CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function's regex replacement and string-manipulation...

5.5CVSS7.1AI score0.00346EPSS
Exploits0References7
osv
osv
added 2026/05/26 7:16 a.m.7 views

DEBIAN-CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References1
nvd
nvd
added 2026/05/26 7:16 a.m.14 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS0.00346EPSS
Exploits0References4
osv
osv
added 2026/05/26 7:16 a.m.7 views

UBUNTU-CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/26 5:0 a.m.9 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/05/26 5:0 a.m.17 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References5
debiancve
debiancve
added 2026/05/26 5:0 a.m.13 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0
euvd
euvd
added 2026/05/26 5:0 a.m.14 views

EUVD-2026-31793

Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation logic, causing...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References3
cve
cve
added 2026/05/26 5:0 a.m.94 views

CVE-2026-9496

CVE-2026-9496 affects the npm package pacote

8.7CVSS7.1AI score0.00346EPSS
Exploits0References4
cvelist
cvelist
added 2026/05/26 5:0 a.m.50 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS0.00346EPSS
Exploits0References4
osv
osv
added 2026/05/26 5:0 a.m.2 views

CVE-2026-9496

Versions of the package pacote from 11.2.7 and before 21.5.1 are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement and string-manipulation...

8.7CVSS7.1AI score0.00346EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.8 views

pacote 安全漏洞

pacote is a npm open-source tool that retrieves package lists and compressed packages from the npm repository. Version pacote 11.2.7 has a security vulnerability. This vulnerability stems from the addGitSha function, which may lead to a denial-of-service attack. Attackers can trigger this functio...

8.7CVSS5.7AI score0.00346EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/05/26 12:0 a.m.14 views

PT-2026-43191

Name of the Vulnerable Software and Affected Versions pacote versions 11.2.7 and later Description A Regular Expression Denial of Service ReDoS exists in the addGitSha function. An attacker can cause excessive CPU consumption, potentially stalling or crashing the process, by providing a specially...

8.7CVSS5.8AI score0.00346EPSS
Exploits0References83
snyk
snyk
added 2024/10/16 4:2 p.m.10 views

Denial of Service (DoS)

Overview pacote is a JavaScript package downloader Affected versions of this package are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s regex replacement an...

8.7CVSS5.5AI score0.00346EPSS
Exploits0References2
snyk
snyk
added 2024/10/16 4:2 p.m.13 views

Denial of Service (DoS)

Overview org.webjars.npm:pacote is a JavaScript package downloader Affected versions of this package are vulnerable to Denial of Service DoS via the addGitSha function. An attacker can exploit this vulnerability by supplying a specially crafted spec.rawSpec value that triggers the function’s rege...

8.7CVSS5.4AI score0.00346EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2021/08/05 5:7 p.m.5 views

@angular/cli (=9.1.0-next.3), @schematics/update (=0.901.0-next.3) +1 more potentially affected by unknown CVE via @npmcli/git (=1.0.1)

@npmcli/git NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @npmcli/git and may be impacted: - @angular/cli =9.1.0-next.3 - @schematics/update =0.901.0-next.3 - pacote =11.1.1 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
Rows per page
Query Builder