ByteOS Network

developer_hub

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-3118

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-6.5||MEDIUM

EPSS-0.02% / 6.39%

7 Day CHG~0.00%

Published-25 Feb, 2026 | 11:25

Updated-05 May, 2026 | 21:16

Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin

A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.

Vendor-Red Hat, Inc.

Product-developer_hub Red Hat Developer Hub 1.8 Red Hat Developer Hub 1.9

CWE ID-CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-14874

Assigner-Red Hat, Inc.

View Details

Assigner-Red Hat, Inc.

CVSS Score-7.5||HIGH

EPSS-0.22% / 44.55%

7 Day CHG~0.00%

Published-18 Dec, 2025 | 08:40

Updated-08 Jan, 2026 | 03:15

Nodemailer: nodemailer: denial of service via crafted email address header

A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.

Vendor-nodemailer nodemailer Red Hat, Inc.

Product-ceph_storage advanced_cluster_management_for_kubernetes nodemailer developer_hub Red Hat Advanced Cluster Management for Kubernetes 2 Red Hat Developer Hub Red Hat Ceph Storage 8 nodemailer

CWE ID-CWE-703

Improper Check or Handling of Exceptional Conditions