5 matches found
@abysslabs/cli (=0.0.2), @analogjs/vite-plugin-nitro (>=2.4.0-alpha.2 <=3.0.0-alpha.1) +27 more potentially affected by CVE-2026-33490 via h3 (>=2.0.1-rc.11 <=2.0.1-rc.16)
h3 NPM version =2.0.1-rc.11, =2.4.0-alpha.2, =3.23.1-20260131-121433-34f631e, =0.15.0, =1.154.7, =0.0.1, =1.154.7, =1.154.7, =1.154.7, =2.0.0-beta.19 and more Source cves: CVE-2026-33490 Source advisory: OSV:GHSA-2J6Q-WHV2-GH6W...
Timing Attack
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to Timing Attack via the requireBasicAuth function. An attacker can recover valid authentication credentials by measuring response times and deducin...
HTTP Request Smuggling
Overview org.webjars.npm:h3 is a Minimal HTTP framework built for high performance and portability. Affected versions of this package are vulnerable to HTTP Request Smuggling via improper parsing of the Transfer-Encoding header in the readRawBody function. An attacker can bypass security controls...
A vulnerability in the .NET components of the communication protocol library used for connecting components of ASU systems in the Triangle MicroWorks DNP3 Source Code Library platform for managing public distribution and transmission networks. This allows an intruder to cause a service failure.
A vulnerability in the .NET components of the communication protocol library used for connecting components of ASU systems in the Triangle MicroWorks DNP3 Source Code Library platform for managing public distribution and transmission networks, such as Schneider Electric Saitel DP RTU Remote Termina...
Regular Expression Denial of Service
Overview three before version 0.125.0 is vulnerable to Regular Expression Denial of Service (ReDoS). This can happen when handling rgb or hsl colors. POC var three = require'three' function buildblank n var ret = "rgb" for var i = 0; i n; i++ ret += " " return ret + ""; var Color = three.Color var...