Poster - CVE CyberSecurity Database News (Page 252)

Feb 5, 2025 Exploit

CVE-2024-57079 - Prototype Pollution in `lib.deepMerge` of @zag-js/core v.50. Exploitable for DoS

A recently disclosed vulnerability, CVE-2024-57079, affects the lib.deepMerge function in the open-source JavaScript library @zag-js/core version .50.. This bug allows attackers to perform

Feb 5, 2025 Exploit

CVE-2024-57077 - Prototype Pollution Vulnerability in utils-extend 1..8 – What You Need to Know

Recently, security researchers have discovered a new vulnerability that affects the popular npm package utils-extend, specifically version 1..8 – which, at the time of writing,

Feb 5, 2025 API

CVE-2024-57075 - Prototype Pollution in `lib.Logger` of eazy-logger v4..1 Allows DoS

In this post, we’ll take a closer look at CVE-2024-57075, a prototype pollution vulnerability discovered in the popular npm package eazy-logger, version 4..1,

Feb 5, 2025 API Exploit

CVE-2025-24319 - How Undisclosed API Requests Can Crash BIG-IP Next Central Manager Kubernetes Node

In early 2025, a new vulnerability was discovered in F5’s BIG-IP Next Central Manager product. Catalogued as CVE-2025-24319, this issue affects the system’s

Feb 5, 2025

CVE-2025-23419 - Bypassing Client Certificate Authentication in NGINX with Session Tickets and Shared IPs

In early 2025, a significant security issue—CVE-2025-23419—was discovered in the way NGINX handles TLS session resumption across multiple virtual servers (or “server blocks”