Lucene search
K

4 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:41 p.m.5 views

Security Bulletin:Jetty URI Parser Differences and Potential Security Implications

Summary The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs...

6.5CVSS7.2AI score0.00159EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/03 9:28 a.m.11 views

Security Bulletin: auth0/node-jws HS256 signature verification bypass via improper HMAC secret handling (≤3.2.2, 4.0.0)

Summary auth0/node-jws HS256 signature verification bypass due to improper HMAC secret handling versions ≤ 3.2.2 and 4.0.0 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0,...

7.5CVSS5.3AI score0.002EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/26 6:27 p.m.6 views

Security Bulletin: Mongoose Improper Handling of Nested $where in populate() Match Allows Search Injection

Summary Mongoose improper handling of nested $where in populate match allows search injection due to incomplete fix for CVE-2024-53900. Vulnerability Details CVEID:CVE-2025-23061 DESCRIPTION: Mongoose before 8.9.5 can improperly use a nested $where filter with a populate match, leading to search...

9.8CVSS7.9AI score0.07025EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/11 6:4 p.m.20 views

Security Bulletin: Erlang/OTP SSH Protocol Flaw Allows Remote Code Execution

Summary Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution RCE. By exploiting a flaw in SSH protocol message handling, a malicious...

10CVSS10AI score0.97673EPSS
Exploits36Affected Software1
Rows per page
Query Builder