Node.js: HashDoS in V8

The V8 release used in Node.js v24.0.0 changed how string hashes were computed using rapidhash. This implementation reintroduced the HashDoS vulnerability, where an attacker who could control the stri ...

Fastify: Remote Code Execution via unsafe usage of `reply.view({ raw })` in @fastify/view (EJS template engine)

The @fastify/view plugin, when used with the EJS engine and the reply.view({ raw: <user-controlled-string> }) pattern, allowed arbitrary EJS execution. This vulnerability arose from the ...

curl: curl_easy_header runs at O(N) or worse and can be abused to use minute(s) of CPU time

curl: Speculative Execution Side-Channel in `curl`

curl: CRLF Injection in `--proxy-header` allows extra HTTP headers (CWE-93)

curl: HTTP/2 CONTINUATION Flood Vulnerability

curl: curl -OJ allows creating custom .curlrc file which allows exfiltrating private data, among other things

curl: HTTP/3 Stream Dependency Cycle Exploit
