46 matches found
CVE-2026-46161
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setupgeo with zero farcopies setupgeo extracts nearcopies nc and farcopies fc from the user-provided layout parameter without checking for zero. When fc=0 with the "improved" far set layout...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevented bad user input in nsimdevhealthbreakwrite. If a zero count or a large number is provided, the kernel may crash...
GHSA-53P3-C7VP-4MCC Trix is vulnerable to XSS through JSON deserialization bypass in drag-and-drop (Level0InputController)
Impact The Trix editor, in versions prior to 2.1.18, is vulnerable to XSS when a crafted application/x-trix-document JSON payload is dropped into the editor in environments using the fallback Level0InputController e.g., embedded WebViews lacking Input Events Level 2 support. The...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the StringPiece.fromJSON function. An attacker can execute arbitrary JavaScript in the context of the victim's browser by tricking a user into dragging and dropping a crafted application/x-trix-document JSON...
CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
UBUNTU-CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
CVE-2026-33891
CVE-2026-33891 affects Forge/node-forge prior to 1.4.0, where BigInteger.modInverse() can enter an infinite loop when given zero, causing a DoS with 100% CPU. The issue is resolved in 1.4.0. Related OSV entries confirm patches in downstream packages (e.g., Root’s @rootio/node-forge) with multiple...
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...
Infinite loop
Overview node-forge is a JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely...
Infinite loop
Overview org.webjars.npm:node-forge is a WebJar for node-forge. Affected versions of this package are vulnerable to Infinite loop via the modInverse function. An attacker can cause the application to hang indefinitely and consume excessive CPU resources by supplying a zero value as input, resulti...
GHSA-5M6Q-G25R-MVWX Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...
PT-2026-28556
Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.4.0 Description A Denial of Service DoS issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...
EUVD-2026-14371
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...
GHSA-8G7P-JF3G-GXCP jsrsasign is vulnerable to DoS through Infinite Loop when processing zero or negative inputs
Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...