RabbitZ INFO

Tag: sicherheitsluecken

Home / Tag: Sicherheitslücken
Mai
31
0

CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2025-23167 A flaw in Node.js 20’s HTTP parser allows improper termination of HTTP/1 headers using `rnrX` instead of the required `rnrn`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-21717 A flaw in V8’s string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8’s internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `–permission` without `–allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `–allow-net` is intentionally omitted to restrict network access. Note that `–allow-net` is currently an experimental feature.

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-42250 Off-by-One Leading to Out-of-Bounds Write in bzip2

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-46242 eventpoll: fix ep_remove struct eventpoll / struct file UAF

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more
Mai
31
0

CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans

Information published.
BlackRabbitZ   No comments   Common Vulnerabilities, CVE, exploitability, exploitable, Exposures, malware, Sicherheitslücken,
Read more

Neuste News

© 2026 Made by BlackRabbitZ.