330 matches found

CNNVD, added 2025/08/29 12:00 a.m., 2 views

Payload authorization issue vulnerability

Payload is a Headless CMS and application framework built using TypeScript, Node.js, React, and MongoDB. Payload suffers from an authorization issue vulnerability that stems from SQLite adapters reusing identifiers during account creation, which could lead to a session fixation attack...

CVSS 5.3, AI score 6.4, EPSS 0.00382
Exploits 0, References 4
CNNVD, added 2025/08/28 12:00 a.m., 4 views

Volto security vulnerability

Volto is a content management system open-sourced by the Plone Foundation. A security vulnerability exists in Volto versions prior to 19.0.0-alpha.4 and 18.24.0: an anonymous user's access to a specific URL may cause the Node.js server to exit...

CVSS 7.5, AI score 6.4, EPSS 0.00569
Exploits 0, References 7
Tenable Nessus, added 2025/08/27 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-7651

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - index.js in the ssri module before 5.2.2 for Node.js is prone to a regular expression denial of service vulnerability in strict mode functionality via a long...

CVSS 5.9, AI score 5.8, EPSS 0.01782
Exploits 0, References 2
Tenable Nessus, added 2025/08/25 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-8859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. CVE-2015-8859 Note that Nessus relies on the presen...

CVSS 5.3, AI score 7, EPSS 0.04697
Exploits 0, References 2
Tenable Nessus, added 2025/08/24 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-8862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is...

CVSS 6.1, AI score 6.4, EPSS 0.01427
Exploits 1, References 2
Gitee, added 2025/07/27 4:06 a.m., 78 views

zip

This is a robust ZIP decoder with defenses against various types of malicious archive signatures, including dangerous compression ratios, spec deviations, and ambiguous UTF-8 filenames. The decoder is implemented in JavaScript and is designed to be used in a Node.js environment. It provides a ran...

AI score 6.5
Exploits 0
CNNVD, added 2025/07/17 12:00 a.m., 2 views

Multer security vulnerability

Multer is an open source Express.js middleware for Node.js. A security vulnerability exists in Multer versions from 1.4.4-lts.1 up to, but not including, 2.0.2. It stems from an unhandled exception when processing malformed multipart upload requests, which could lead to a denial of service...

CVSS 7.5, AI score 6, EPSS 0.00617
Exploits 0, References 3
RedhatCVE, added 2025/07/11 7:29 p.m., 12 views

CVE-2025-53620

@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed, it dynamically loads the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node.js to exit. This vulnerability is fixed in...

CVSS 9.2, AI score 7, EPSS 0.00304
Exploits 0, References 1
NVD, added 2025/07/09 7:15 p.m., 1 view

CVE-2025-53620

@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed, it dynamically loads the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node.js to exit. This vulnerability is fixed in...

CVSS 9.2, EPSS 0.00304
Exploits 0, References 1
CVE, added 2025/07/09 6:45 p.m., 18 views

CVE-2025-53620

The CVE-2025-53620 issue affects @builder.io/qwik-city (Qwik meta-framework) where executing a Qwik Server Action QRL may load the file containing the symbol; if an invalid qfunc is sent, the server does not handle the thrown error, causing a Node.js process exit. This is documented as a vulnerab...

CVSS 9.2, AI score 6.3, EPSS 0.00304
Exploits 0, References 1
Vulnrichment, added 2025/07/09 6:45 p.m., 6 views

CVE-2025-53620 Crashing any Qwik Server

@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed, it dynamically loads the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node.js to exit. This vulnerability is fixed in...

CVSS 9.2, AI score 6.9, EPSS 0.00304
Exploits 0, References 1
Cvelist, added 2025/07/09 6:45 p.m., 8 views

CVE-2025-53620 Crashing any Qwik Server

@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed, it dynamically loads the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then causes Node.js to exit. This vulnerability is fixed in...

CVSS 9.2, EPSS 0.00304
Exploits 0, References 1
Github Security Blog, added 2025/07/09 6:10 p.m., 5 views

Qwik's unhandled exception vulnerability can cause server crashes from malicious requests

Summary: it is possible to craft a request that will crash the Qwik server in the default configuration. Details: when a Qwik Server Action QRL is executed, it dynamically loads the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then...

CVSS 9.2, AI score 7.2, EPSS 0.00304
Exploits 0, References 5, Affected Software 1
OSV, added 2025/07/09 6:10 p.m., 3 views

GHSA-QR9H-J6XG-2J72 Qwik's unhandled exception vulnerability can cause server crashes from malicious requests

Summary: it is possible to craft a request that will crash the Qwik server in the default configuration. Details: when a Qwik Server Action QRL is executed, it dynamically loads the file containing the symbol. When an invalid qfunc is sent, the server does not handle the thrown error. The error then...

CVSS 9.2, AI score 6.3, EPSS 0.00304
Exploits 0, References 5
OSV, added 2025/06/26 2:19 p.m., 1 view

USN-7599-2 python-pip vulnerability

USN-7599-1 fixed vulnerabilities in python-urllib3. This update provides the corresponding update for python-pip for CVE-2025-50181. Original advisory details: Jacob Sandum discovered that urllib3 handled redirects even when they were explicitly disabled while using the PoolManager. An attacker...

CVSS 6.1, AI score 6.7, EPSS 0.00341
Exploits 1, References 2
OSV, added 2025/06/25 6:48 p.m., 1 view

USN-7599-1 python-urllib3 vulnerabilities

Jacob Sandum discovered that urllib3 handled redirects even when they were explicitly disabled while using the PoolManager. An attacker could possibly use this issue to obtain sensitive information. CVE-2025-50181 Illia Volochii discovered that urllib3 incorrectly handled retry and redirect...

CVSS 6.1, AI score 6.7, EPSS 0.00341
Exploits 1, References 3
RedHat Linux, added 2025/06/04 7:44 a.m., 3 views

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

CVSS 7.5, AI score 7.2, EPSS 0.00727
Exploits 0, References 5
RedHat Linux, added 2025/06/03 8:28 p.m., 3 views

nodejs: Memory Leak in Node.js ReadFileUtf8 Binding Leading to DoS

A flaw was found in the ReadFileUtf8 internal binding of Node.js. This vulnerability can allow an attacker to cause an application denial of service via repeated file read operations that trigger an unrecoverable memory leak due to a corrupted pointer in the underlying file system binding...

CVSS 3.7, AI score 6.8, EPSS 0.00457
Exploits 0, References 5
RedHat Linux, added 2025/06/03 7:53 p.m., 4 views

nodejs: Improper HTTP Header Termination in Node.js 20 Enables Request Smuggling

A flaw was found in the HTTP parser of Node.js. This vulnerability allows attackers to perform request smuggling and bypass proxy-based access controls via improperly terminated HTTP/1 headers using \r\n\rX instead of the standard \r\n\r\n...

CVSS 6.5, AI score 7.3, EPSS 0.00444
Exploits 1, References 5
Vulnrichment, added 2025/05/19 4:01 p.m., 8 views

CVE-2025-26621 OpenCTI vulnerable to Denial of Service through web hook

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.5.2, any user with the "manage customizations" capability can edit a webhook that will execute JavaScript code. This can be abused to cause a denial of service attack by prototype...

CVSS 7.6, AI score 7.4, EPSS 0.00353
Exploits 0, References 2