|
271
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In JetBrains YouTrack before 2026.2.16593 default role configuration exposed excessive user profile details
New
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-57924
|
2026-06-27 01:12 |
2026-06-26 |
|
|
|
|
272
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags
New
|
CWE-862
Missing Authorization
|
CVE-2026-57925
|
2026-06-27 01:12 |
2026-06-26 |
|
|
|
|
273
|
2.6 |
LOW
Network
|
-
|
-
|
In JetBrains YouTrack before 2026.2.16593 the websandbox bridge was vulnerable to a prototype pollution attack
New
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-57926
|
2026-06-27 01:12 |
2026-06-26 |
|
|
|
|
274
|
5.9 |
MEDIUM
Network
|
-
|
-
|
A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages.
When proxy credentials are embedded in the proxy URL, they may be exposed through…
New
|
CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-48615
|
2026-06-27 01:11 |
2026-06-26 |
|
|
|
|
275
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client.
This vulnerability affects all supported rel…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-48619
|
2026-06-27 01:11 |
2026-06-26 |
|
|
|
|
276
|
4.2 |
MEDIUM
Network
|
-
|
-
|
An inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, a…
New
|
CWE-284
Improper Access Control
|
CVE-2026-48928
|
2026-06-27 01:11 |
2026-06-26 |
|
|
|
|
277
|
5.6 |
MEDIUM
Network
|
-
|
-
|
A flaw in Node.js TLS hostname handling: embedded-NUL hostnames can lead to silent authority rebinding due to C-string truncation in resolver bindings.
This vulnerability affects all supp…
New
|
CWE-284
Improper Access Control
|
CVE-2026-48930
|
2026-06-27 01:11 |
2026-06-26 |
|
|
|
|
278
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A flaw in Node.js TLS host verification can allow an attacker to bypass certificate validation.
This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node…
New
|
-
|
CVE-2026-48934
|
2026-06-27 01:11 |
2026-06-26 |
|
|
|
|
279
|
3.3 |
LOW
Local
|
-
|
-
|
A flaw in the Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`.
This vulnerability affects all supported release lin…
New
|
CWE-276
Incorrect Default Permissions
|
CVE-2026-48935
|
2026-06-27 01:11 |
2026-06-26 |
|
|
|
|
280
|
3.3 |
LOW
Local
|
-
|
-
|
A flaw in the Node.js Permission API can cause a local server to be started (via a Unix domain socket), even without the `--allow-net` permission.
This vulnerability affects one supported release line…
New
|
CWE-284
Improper Access Control
|
CVE-2026-48936
|
2026-06-27 01:11 |
2026-06-26 |
|
|
|