Lucene search
K

7 matches found

OSV
OSV
added 2026/06/29 5:48 a.m.5 views

BIT-NODE-2026-48928

A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.4CVSS6.1AI score0.00256EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:16 a.m.12 views

CVE-2026-48615

A flaw in Node.js proxy tunnel error handling could expose proxy credentials in ERRPROXYTUNNEL error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability...

7.5CVSS0.00437EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 1:14 a.m.9 views

EUVD-2026-39607

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.5AI score0.00656EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 2:50 p.m.4 views

BIT-NODE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.9AI score0.00208EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 6:59 p.m.12 views

CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS5.8AI score0.00371EPSS
Exploits1
CVE
CVE
added 2026/06/18 4:21 p.m.64 views

CVE-2026-48617

CVE-2026-48617 describes a flaw in Node.js permission model enforcement that allows bypass via path misvalidation in process.report.writeReport(), potentially affecting confidentiality and integrity under affected configurations. Affected: all supported Node.js release lines (22, 24, 26). Impact ...

1.8CVSS4.9AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 7:8 a.m.18 views

CVE-2025-9661

Summary: CVE-2025-9661: OS command injection in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28. Affected products/versions: Hitachi VSP One Block 23, 24, 26 and 28 (before DKCMAIN A3-04-21-40/00 and ESM A3-04-21/00). Vulnerability: OS command in...

9.8CVSS5.8AI score0.009EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder