Skip to content

TheWindowsUpdate.com

Opinions, tips, and news orbiting Microsoft

Search for:

Primary menu

Home
About TheWindowsUpdate.com

Month: May 2026

CVE-2025-23167 A flaw in Node.js 20’s HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2025-23167 A flaw in Node.js 20’s HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`.
This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests.

The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination.

Impact:
* This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.→

Posted in Republished Content | Leave a reply

CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a “read-only” file descriptor to change the owner and permissions of a file.

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-write flag is used.

Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a “read-only” file descriptor to change the owner and permissions of a file.→

Posted in Republished Content | Leave a reply

CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the –allow-fs-read flag is used.
This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to.
This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21.
Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.→

Posted in Republished Content | Leave a reply

CVE-2026-40034 gitoxide – Command Injection via Partial .gitmodules Override in gix-submodule

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-40034 gitoxide – Command Injection via Partial .gitmodules Override in gix-submodule→

Posted in Republished Content | Leave a reply

CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI→

Posted in Republished Content | Leave a reply

CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date→

Posted in Republished Content | Leave a reply

CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob→

Posted in Republished Content | Leave a reply

CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

Posted on May 31, 2026 by Syndicated News — No Comments ↓

Information published. Continue reading CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data→

Posted in Republished Content | Leave a reply

Post navigation

← Older posts

Primary Sidebar Widget Area

Search for:

Recent Posts

Tune into XBOX Games Showcase June 7
Tune into XBOX Games Showcase June 7
Introducing Surface Laptop Ultra: Made for world makers
Introducing Surface Laptop Ultra: Made for world makers
CVE-2025-23167 A flaw in Node.js 20’s HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: * This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade.

Archives

Copyright © 2026 TheWindowsUpdate.com. All Rights Reserved.

Theme: Catch Box by Catch Themes

Scroll Up