
38416 matches found

EUVD
added 2026/03/27 10:23 p.m., 6 views

EUVD-2026-16324

path-to-regexp vulnerable to Denial of Service via sequential optional groups...

CVSS 7.5, AI score 5.9, EPSS 0.00791
Exploits: 0, References: 3

NVD
added 2026/03/27 10:16 p.m., 2 views

CVE-2026-33979

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

CVSS 8.2, EPSS 0.00382
Exploits: 1, References: 3

RedhatCVE
added 2026/03/27 10:12 p.m., 3 views

CVE-2026-33891

A flaw was found in the node-forge library, a JavaScript implementation of Transport Layer Security. This vulnerability, inherited from the bundled jsbn library, allows a remote attacker to cause a Denial of Service DoS. When the BigInteger.modInverse function is called with a zero value, it ente...

CVSS 7.5, AI score 5.8, EPSS 0.0058
Exploits: 1, References: 5

NVD
added 2026/03/27 9:17 p.m., 6 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVSS 7.5, EPSS 0.0058
Exploits: 1, References: 9

NVD
added 2026/03/27 9:17 p.m., 6 views

CVE-2026-33875

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...

CVSS 9.3, EPSS 0.00265
Exploits: 0, References: 2

UbuntuCve
added 2026/03/27 9:17 p.m., 1 view

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVSS 7.5, AI score 5.9, EPSS 0.0058
Exploits: 1, References: 3

OSV
added 2026/03/27 9:17 p.m., 2 views

UBUNTU-CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVSS 7.5, AI score 5.8, EPSS 0.0058
Exploits: 1, References: 4

Cvelist
added 2026/03/27 9:3 p.m., 20 views

CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion

Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, Handlebars.compile accepts a pre-parsed AST object in addition to a template string. The value field of a NumberLiteral AST node is emitted directly into the generated JavaScript withou...

CVSS 9.8, EPSS 0.01739
Exploits: 2, References: 3

ATTACKERKB
added 2026/03/27 8:55 p.m., 2 views

CVE-2026-33904

Ella Core is a 5G core designed for private networks. Prior to version 1.7.0, a deadlock in the AMF's SCTP notification handler causes the entire AMF control plane to hang until the process is restarted. An attacker with access to the N2 interface can cause Ella Core to hang, resulting in a denia...

CVSS 6.5, AI score 5.9, EPSS 0.00165
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/03/27 8:47 p.m., 60 views

CVE-2026-33895

Summary: CVE-2026-33895 affects Forge (node-forge) prior to 1.4.0, where Ed25519 signature verification does not enforce S

CVSS 7.5, AI score 6.6, EPSS 0.00338
Exploits: 0, References: 9, Affected Software: 1

OSV
added 2026/03/27 8:43 p.m., 2 views

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVSS 7.5, AI score 5.9, EPSS 0.0058
Exploits: 1, References: 4

ATTACKERKB
added 2026/03/27 8:43 p.m., 3 views

CVE-2026-33891

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVSS 7.5, AI score 5.9, EPSS 0.0058
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/03/27 8:43 p.m., 1 view

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVSS 7.5, AI score 5.9, EPSS 0.0058
Exploits: 1, References: 2

CVE
added 2026/03/27 8:43 p.m., 23 views

CVE-2026-33891

CVE-2026-33891 affects Forge/node-forge prior to 1.4.0, where BigInteger.modInverse() can enter an infinite loop when given zero, causing a DoS with 100% CPU. The issue is resolved in 1.4.0. Related OSV entries confirm patches in downstream packages (e.g., Root's @rootio/node-forge) with multiple...

CVSS 7.5, AI score 5.9, EPSS 0.0058
Exploits: 1, References: 9, Affected Software: 1

Cvelist
added 2026/03/27 8:43 p.m., 23 views

CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library...

CVSS 7.5, EPSS 0.0058
Exploits: 1, References: 2

ATTACKERKB
added 2026/03/27 8:23 p.m., 1 view

CVE-2026-33874

Gematik Authenticator securely authenticates users for login to digital health applications. Starting in version 4.12.0 and prior to version 4.16.0, the Mac OS version of the Authenticator is vulnerable to remote code execution, triggered when victims open a malicious file. Update the gematik...

CVSS 7.8, AI score 6.1, EPSS 0.00282
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2026/03/27 8:16 p.m., 4 views

CVE-2026-4971

A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks...

CVSS 5.3, EPSS 0.00155
Exploits: 0, References: 5

NVD
added 2026/03/27 8:16 p.m., 6 views

CVE-2026-34388

Fleet is open source device management software. Prior to 4.81.0, a denial-of-service vulnerability in Fleet's gRPC Launcher endpoint allows an authenticated host to crash the entire Fleet server process by sending an unexpected log type value. The server terminates immediately, disrupting all...

CVSS 8.7, EPSS 0.00263
Exploits: 0, References: 1

UbuntuCve
added 2026/03/27 8:16 p.m., 3 views

CVE-2026-33871

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7, AI score 5.9, EPSS 0.01125
Exploits: 0, References: 2

Cvelist
added 2026/03/27 7:55 p.m., 25 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

CVSS 8.7, EPSS 0.01125
Exploits: 0, References: 1