32 matches found
Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header
A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...
CVE-2026-2229
ImpactThe undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the servermaxwindowbits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. ...
nodejs: Nodejs denial of service
A denial of service flaw has been discovered in NodeJS. A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
CVE-2025-59465
A malformed HTTP/2 HEADERS frame with oversized, invalid HPACK data can cause Node.js to crash by triggering an unhandled TLSSocket error ECONNRESET. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not...
EUVD-2022-6046
Malicious code in bioql PyPI...
EUVD-2025-1517
Malicious code in bioql PyPI...
EUVD-2025-12106
Malicious code in bioql PyPI...
Qwik 安全漏洞
Qwik is a micro web framework open-sourced by Qwik Dev. A security vulnerability exists in Qwik versions prior to 1.13.0, which stems from an unhandled invalid qfunc error that could cause the service to crash...
CVE-2025-43855
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855 tRPC 11 WebSocket DoS Vulnerability
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 to before 11.1.1, an unhandled error is thrown when validating invalid connectionParams which crashes a tRPC WebSocket server. This allows any unauthenticated user to cras...
CVE-2025-43855
CVE-2025-43855 affects tRPC 11 WebSocket servers (versions 11.0.0–11.1.0) where validating malformed connectionParams can throw an unhandled error, crashing the server. Any unauthenticated user can trigger this on WebSocket-enabled servers with a createContext method. The issue has been patched i...
tRPC 安全漏洞
tRPC is a TypeScript framework for building type-safe APIs from the tRPC community. A security vulnerability exists in tRPC version 11.0.0 that stems from an unhandled error that could cause the WebSocket server to crash...
CVE-2025-0158
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation...
CVE-2025-0158
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation...
CVE-2025-0158
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation...
CVE-2025-0158 IBM EntireX denial of service
IBM EntireX 11.1 could allow a local user to cause a denial of service due to an unhandled error and fault isolation...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an error condition that was not handled correctly...