Lucene search
K

57 matches found

NVD
NVD
added 2025/10/10 8:15 p.m.50 views

CVE-2025-61927

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS0.00613EPSS
Exploits0References2
OSV
OSV
added 2025/10/10 7:38 p.m.30 views

CVE-2025-61927 Happy-DOM has VM Context Escape

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS6.8AI score0.00613EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/10 7:38 p.m.62 views

CVE-2025-61927 Happy-DOM has VM Context Escape

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS0.00613EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/10 7:38 p.m.4 views

CVE-2025-61927 Happy-DOM has VM Context Escape

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS6.8AI score0.00613EPSS
Exploits0References2
CVE
CVE
added 2025/10/10 7:38 p.m.53 views

CVE-2025-61927

CVE-2025-61927 affects Happy DOM v19 and earlier, where the Node.js VM Context is not isolated and untrusted JavaScript executed inside the Happy DOM VM can escape to access process-level functionality. Depending on module system (ESM vs CommonJS), attackers may obtain access to powerful objects ...

7.2CVSS6.8AI score0.00613EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.7 views

PT-2025-41599

Name of the Vulnerable Software and Affected Versions Happy DOM versions 19 and lower Description Happy DOM, a JavaScript implementation of a web browser without a graphical user interface, contains a security issue that could lead to Remote Code Execution RCE attacks. The Node.js VM Context with...

10CVSS7AI score0.00613EPSS
Exploits0References23
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.23 views

happy-dom 代码注入漏洞

happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom version 19 and earlier, which stems from insufficient isolation of the Node.js VM Context environment and could...

7.2CVSS7.8AI score0.00613EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3226

Malicious code in bioql PyPI...

9.3CVSS9AI score0.00741EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2024/11/08 2:30 p.m.31 views

CVE-2024-51757

A flaw was found in happy-dom. This vulnerability allows remote code execution via a script tag, potentially executing code in the user context of happy-dom...

9.8CVSS7.5AI score0.00741EPSS
Exploits0References9
NVD
NVD
added 2024/11/06 8:15 p.m.25 views

CVE-2024-51757

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...

9.3CVSS0.00741EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/11/06 7:18 p.m.28 views

CVE-2024-51757 Fixes security vulnerability that allowed for server side code to be executed by a <script> tag

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...

9.3CVSS0.00741EPSS
Exploits0References6
OSV
OSV
added 2024/11/06 7:18 p.m.7 views

CVE-2024-51757 Fixes security vulnerability that allowed for server side code to be executed by a <script> tag

happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There ar...

9.3CVSS8.9AI score0.00741EPSS
Exploits0References8
CVE
CVE
added 2024/11/06 7:18 p.m.74 views

CVE-2024-51757

CVE-2024-51757 affects the JavaScript library happy-dom (a headless browser implementation). Versions prior to 15.10.2 may execute code on the host via a script tag, running in the user context of happy-dom with high impact on confidentiality, integrity, and availability. The issue is triggered b...

9.3CVSS6.6AI score0.00741EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2024/11/06 3:27 p.m.6 views

@adaptive-web/adaptive-ui (>=0.4.1 <=0.13.1), @adaptive-web/adaptive-ui-designer-core (>=0.1.0 <=0.6.0) +185 more potentially affected by CVE-2024-51757 via happy-dom (>=0.0.1 <=15.0.0)

happy-dom NPM version =0.0.1, =0.4.1, =0.1.0, =0.1.0, =0.6.1, =0.11.0, =16.0.0, =0.0.1-beta.9, =0.0.1-beta.3, =0.0.1-alpha.0, =0.0.1-alpha.2, =0.1.2, =0.0.2, =1.0.4, =1.0.306 - @devsisters/gatsby-preset =3.0.0-rc - @devsisters/gatsby-stack =2.0.0-rc and more Source cves: CVE-2024-51757 Source...

9.3CVSS7.2AI score0.00741EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/11/06 3:27 p.m.34 views

happy-dom allows for server side code to be executed by a <script> tag

Impact Consumers of the NPM package happy-dom Patches The security vulnerability has been patched in v15.10.2 Workarounds No easy workarounds to my knowledge References 1585...

9.3CVSS6.8AI score0.00741EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2024/11/06 12:0 a.m.5 views

PT-2024-34888 · Happy-Dom · Happy-Dom

Name of the Vulnerable Software and Affected Versions: happy-dom versions prior to 15.10.2 Description: happy-dom is a JavaScript implementation of a web browser without its graphical user interface. It may execute code on the host via a script tag, which would execute code in the user context of...

9.3CVSS7.4AI score0.00741EPSS
Exploits0References15
CNNVD
CNNVD
added 2024/11/06 12:0 a.m.5 views

happy-dom 代码注入漏洞

happy-dom is a JavaScript implementation of a web browser without a graphical user interface by the individual developer David Ortner. A code injection vulnerability exists in happy-dom versions prior to 15.10.2, which originates from code execution on the host via script tags, leading to code...

9.3CVSS9.4AI score0.00741EPSS
Exploits0References7
Rows per page
Query Builder