Lucene search
+L

366 matches found

osv
osv
added 13 hours ago4 views

RLSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
redhat
redhat
added yesterday3 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.7AI score0.00437EPSS
Exploits0References5
redhat
redhat
added 2 days ago9 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.7AI score0.00437EPSS
Exploits0References5
osv
osv
added 6 days ago4 views

RLSA-2026:35841 Important: nodejs24 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
susecve
susecve
added 6 days ago4 views

SUSE CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

7.5CVSS6.1AI score0.01064EPSS
Exploits1References8
ubuntu
ubuntu
added last week6 views

USN-8525-1: curl vulnerabilities

Harry Sintonen discovered that curl incorrectly handled credentials when following HTTP redirects in conjunction with .netrc files. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS...

9.8CVSS6.8AI score0.01378EPSS
Exploits10
osv
osv
added 2026/07/08 12:6 p.m.4 views

RLSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

8.1CVSS6.6AI score0.02806EPSS
Exploits1References14
osv
osv
added 2026/07/07 12:3 a.m.5 views

RLSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References16
redhatcve
redhatcve
added 2026/07/06 8:28 p.m.9 views

CVE-2026-9079

A flaw was found in curl. When libcurl is instructed to clear proxy authentication credentials, it fails to do so, leaving the old credentials available. This could lead to the unintended reuse of sensitive proxy authentication credentials for subsequent network transfers, potentially resulting i...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References6
redhat
redhat
added 2026/07/06 3:7 p.m.6 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References5
redhat
redhat
added 2026/07/06 2:47 p.m.10 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References5
redhat
redhat
added 2026/07/06 5:32 a.m.6 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS5.9AI score0.00437EPSS
Exploits0References5
redhat
redhat
added 2026/07/06 5:32 a.m.13 views

Important: Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6AI score0.02806EPSS
Exploits1References15
redhat
redhat
added 2026/07/06 4:52 a.m.7 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.8AI score0.00437EPSS
Exploits0References5
osv
osv
added 2026/07/06 12:0 a.m.8 views

ALSA-2026:35892 Important: nodejs:22 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS7.1AI score0.02806EPSS
Exploits1References28
osv
osv
added 2026/07/06 12:0 a.m.4 views

ALSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

9.8CVSS5.9AI score0.02806EPSS
Exploits1References28
osv
osv
added 2026/07/06 12:0 a.m.5 views

ALSA-2026:35891 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References32
snyk
snyk
added 2026/07/03 8:16 a.m.8 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the process responsible for clearing proxy authentication credentials. An attacker can gain unauthorized access to sensitive proxy credentials by leveraging subsequent transfers that reuse stale authentication...

9.8CVSS6AI score0.01064EPSS
Exploits1References2
osv
osv
added 2026/07/03 7:16 a.m.4 views

ALPINE-CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS6AI score0.01064EPSS
Exploits1References1
nvd
nvd
added 2026/07/03 7:16 a.m.7 views

CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS0.01064EPSS
Exploits1References3
Rows per page
Query Builder