NVD Vulnerabilities

Severity Distribution

Publication Trend

Vulnerability Database

CVE ID Description Published Base Score Attack Vector Severity Actions
CVE-2026-48935 A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. `--allow-fs-read`. Thi... 2026-06-26 N/A None None NVD
CVE-2026-48934 A flaw in Node.js TLS host verification can cause an attacker to bypass certification validation. This vulnerability affects all supported release ... 2026-06-26 N/A None None NVD
CVE-2026-48933 A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affec... 2026-06-26 7.5 NETWORK HIGH NVD
CVE-2026-48930 A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver... 2026-06-26 9.8 NETWORK CRITICAL NVD
CVE-2026-48928 A inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported... 2026-06-26 5.4 NETWORK MEDIUM NVD
CVE-2026-48619 A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client... 2026-06-26 7.5 NETWORK HIGH NVD
CVE-2026-48618 A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to r... 2026-06-26 6.5 NETWORK MEDIUM NVD
CVE-2026-48615 A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embed... 2026-06-26 7.5 NETWORK HIGH NVD
CVE-2026-13322 A flaw was found in KubeVirt's downward metrics virtio-serial server. The server reads guest requests using textproto.Reader.ReadLine(), which buffers... 2026-06-26 3.8 LOCAL LOW NVD
CVE-2026-13318 A server-side request forgery (SSRF) flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMa... 2026-06-26 6.4 NETWORK MEDIUM NVD
CVE-2026-13218 A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.Writ... 2026-06-26 4.2 LOCAL MEDIUM NVD
CVE-2026-13083 A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An att... 2026-06-26 6.9 NETWORK MEDIUM NVD
CVE-2026-12993 A flaw was found in Apicurio Registry. The DocumentBuilderAccessor correctly blocks external DTD and schema access but does not disable DOCTYPE declar... 2026-06-26 6.5 NETWORK MEDIUM NVD
CVE-2026-40941 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows... 2026-06-25 6.5 NETWORK MEDIUM NVD
CVE-2026-40084 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal through the Report for... 2026-06-25 6.5 NETWORK MEDIUM NVD