Lucene search
+L

7 matches found

nessus
nessus
added 2025/10/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11149

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - This affects all versions of the package node-static; all versions of the package @nubosoftware/node- static. The package fails to catch an exception when user...

7.5CVSS5.8AI score0.00489EPSS
Exploits0References3
nvd
nvd
added 2025/09/30 11:37 a.m.45 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS0.00489EPSS
Exploits0References3
debiancve
debiancve
added 2025/09/30 5:0 a.m.10 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS5.2AI score0.00489EPSS
Exploits0
osv
osv
added 2025/09/30 5:0 a.m.9 views

CVE-2025-11149

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.6AI score0.00489EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/09/30 12:0 a.m.9 views

PT-2025-40035

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server...

7.5CVSS6.8AI score0.00489EPSS
Exploits0References7
github
github
added 2023/03/06 6:30 a.m.33 views

node-static and @nubosoftware/node-static vulnerable to Directory Traversal

node-static and its fork, @nubosoftware/node-static, are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

7.5CVSS7.5AI score0.01445EPSS
Exploits1References6Affected Software2
osv
osv
added 2023/03/06 5:15 a.m.14 views

CVE-2023-26111

All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

7.5CVSS5.8AI score0.01445EPSS
Exploits1References4
Rows per page
Query Builder