Lucene search
+L

18 matches found

osv
osv
added 2026/06/29 5:48 a.m.7 views

BIT-NODE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.1AI score0.00256EPSS
Exploits0References2
f5
f5
added 2026/06/26 6:39 a.m.12 views

K000161920: Node.js vulnerability CVE-2026-48619

Security Advisory Description A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26. CVE-2026-48619 Impa...

7.5CVSS6.3AI score0.00656EPSS
Exploits0
nvd
nvd
added 2026/06/26 2:16 a.m.13 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS0.00437EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/06/26 1:14 a.m.10 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.6AI score0.00405EPSS
Exploits0
osv
osv
added 2026/06/26 1:14 a.m.4 views

CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References16
euvd
euvd
added 2026/06/26 1:14 a.m.11 views

EUVD-2026-39607

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.5AI score0.00656EPSS
Exploits0References1
cve
cve
added 2026/06/26 1:14 a.m.213 views

CVE-2026-48618

CVE-2026-48618 is a Node.js TLS hostname handling issue involving unicode dot separator handling that can bypass wildcard-depth authentication due to resolver/verifier hostname normalization mismatches. Connected updates confirm the vulnerability affects Node.js 22, 24, and 26 across releases. SU...

7.7CVSS6.7AI score0.02486EPSS
Exploits0References15Affected Software1
osv
osv
added 2026/06/23 2:50 p.m.5 views

BIT-NODE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.9AI score0.00208EPSS
Exploits0References3
nvd
nvd
added 2026/06/22 8:16 p.m.12 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS0.00371EPSS
Exploits1References4
debiancve
debiancve
added 2026/06/22 6:59 p.m.15 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS5.8AI score0.00371EPSS
Exploits1
attackerkb
attackerkb
added 2026/06/18 4:21 p.m.8 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References3Affected Software1
cve
cve
added 2026/06/18 4:21 p.m.72 views

CVE-2026-48617

CVE-2026-48617 describes a flaw in Node.js permission model enforcement that allows bypass via path misvalidation in process.report.writeReport(), potentially affecting confidentiality and integrity under affected configurations. Affected: all supported Node.js release lines (22, 24, 26). Impact ...

1.8CVSS4.9AI score0.00208EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.12 views

PT-2026-38818

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracl...

3.7CVSS5.8AI score0.00746EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/03/30 12:0 a.m.11 views

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...

5.9CVSS6.8AI score0.00385EPSS
Exploits0References1
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-2513

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00656EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2024/08/02 12:0 a.m.5 views

PT-2024-25529 · Cosy+ · Cosy+

Name of the Vulnerable Software and Affected Versions: Cosy+ devices versions 21.x through 21.2s9 Cosy+ devices versions 22.x through 22.1s2 Description: The issue concerns insecure permissions in Cosy+ devices, which can lead to information leakage through cookies. This problem is resolved in...

7.5CVSS6.7AI score0.0045EPSS
Exploits2References9
vulnersosv
vulnersosv
added 2024/07/01 3:32 p.m.8 views

@ag-grid-enterprise/all-modules (>=22.0.0 <=27.3.0), @ag-grid-enterprise/charts-enterprise (>=31.1.0 <=31.3.3) +54 more potentially affected by CVE-2024-39001 via @ag-grid-enterprise/charts (>=22.0.0 <=31.3.3)

@ag-grid-enterprise/charts NPM version =22.0.0, =22.0.0, =31.1.0, =0.1.43, =0.0.1, =0.1.46, =0.0.1, =0.0.6, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1-1 and more Source cves: CVE-2024-39001 Source advisory: OSV:GHSA-328P-362G-R48J...

6.3CVSS5.7AI score0.00827EPSS
Exploits1
attackerkb
attackerkb
added 2022/05/24 10:44 a.m.5 views

CVE-2022-29567

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure ...

7.5CVSS7.1AI score0.00915EPSS
Exploits0References3Affected Software2
Rows per page
Query Builder