exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 62

RLSA-2026:8339

21 день назад

Important: nodejs:20 security update

EPSS: Низкий

RLSA-2026:7896

23 дня назад

Important: nodejs:20 security update

EPSS: Низкий

ELSA-2026-8339

20 дней назад

ELSA-2026-8339: nodejs:20 security update (IMPORTANT)

EPSS: Низкий

ELSA-2026-7896

23 дня назад

ELSA-2026-7896: nodejs:20 security update (IMPORTANT)

EPSS: Низкий

RLSA-2026:7302

27 дней назад

Important: nodejs:22 security update

EPSS: Низкий

RLSA-2026:7123

28 дней назад

Important: nodejs:22 security update

EPSS: Низкий

RLSA-2026:7080

24 дня назад

Important: nodejs22 security update

EPSS: Низкий

ELSA-2026-7302

27 дней назад

ELSA-2026-7302: nodejs:22 security update (IMPORTANT)

EPSS: Низкий

ELSA-2026-7123

28 дней назад

ELSA-2026-7123: nodejs:22 security update (IMPORTANT)

EPSS: Низкий

ELSA-2026-7080

29 дней назад

ELSA-2026-7080: nodejs22 security update (IMPORTANT)

EPSS: Низкий

RLSA-2026:7670

23 дня назад

Important: nodejs:24 security update

EPSS: Низкий

ELSA-2026-7670

24 дня назад

ELSA-2026-7670: nodejs:24 security update (IMPORTANT)

EPSS: Низкий

RLSA-2026:7675

21 день назад

Important: nodejs24 security update

EPSS: Низкий

RLSA-2026:7350

27 дней назад

Important: nodejs:24 security update

EPSS: Низкий

ELSA-2026-7675

24 дня назад

ELSA-2026-7675: nodejs24 security update (IMPORTANT)

EPSS: Низкий

ELSA-2026-7350

27 дней назад

ELSA-2026-7350: nodejs:24 security update (IMPORTANT)

EPSS: Низкий

CVE-2026-21710

около 1 месяца назад

A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`. * This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and v25.x**

CVSS3: 7.5

EPSS: Низкий

CVE-2026-21710

около 1 месяца назад

CVSS3: 7.5

EPSS: Низкий

CVE-2026-21710

около 1 месяца назад

CVSS3: 7.5

EPSS: Низкий

CVE-2026-21710

29 дней назад

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
RLSA-2026:8339 Important: nodejs:20 security update			21 день назад
RLSA-2026:7896 Important: nodejs:20 security update			23 дня назад
ELSA-2026-8339 ELSA-2026-8339: nodejs:20 security update (IMPORTANT)			20 дней назад
ELSA-2026-7896 ELSA-2026-7896: nodejs:20 security update (IMPORTANT)			23 дня назад
RLSA-2026:7302 Important: nodejs:22 security update			27 дней назад
RLSA-2026:7123 Important: nodejs:22 security update			28 дней назад
RLSA-2026:7080 Important: nodejs22 security update			24 дня назад
ELSA-2026-7302 ELSA-2026-7302: nodejs:22 security update (IMPORTANT)			27 дней назад
ELSA-2026-7123 ELSA-2026-7123: nodejs:22 security update (IMPORTANT)			28 дней назад
ELSA-2026-7080 ELSA-2026-7080: nodejs22 security update (IMPORTANT)			29 дней назад
RLSA-2026:7670 Important: nodejs:24 security update			23 дня назад
ELSA-2026-7670 ELSA-2026-7670: nodejs:24 security update (IMPORTANT)			24 дня назад
RLSA-2026:7675 Important: nodejs24 security update			21 день назад
RLSA-2026:7350 Important: nodejs:24 security update			27 дней назад
ELSA-2026-7675 ELSA-2026-7675: nodejs24 security update (IMPORTANT)			24 дня назад
ELSA-2026-7350 ELSA-2026-7350: nodejs:24 security update (IMPORTANT)			27 дней назад
CVE-2026-21710 A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`. * This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2026-21710 A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`. * This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2026-21710 A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`. * This vulnerability affects all Node.js HTTP servers on 20.x, 22.x, 24.x, and v25.x	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2026-21710	CVSS3: 7.5	0% Низкий	29 дней назад

Уязвимостей на страницу