327 matches found
nodejs: Constant Hashtable Seeds vulnerability
It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a deni...
MGASA-2017-0204 Updated nodejs packages fix security vulnerability
Node.js has a defect that may make HTTP response splitting possible under certain circumstances. If user input is passed to the reason argument to writeHead on an HTTP response, a new-line character may be used to inject additional responses (CVE-2016-5325). The tls.checkServerIdentity function in...
Red Hat Keycloak Node.js adapter authentication bypass vulnerability
Red Hat Keycloak Node.js adapter is Red Hat's open source set of Node.js adapters for authentication and access management software in modern applications and services. A security vulnerability exists in Red Hat Keycloak Node.js adapter versions 2.5 through 3.0, which stems from the program failing ...
DEBIAN-CVE-2015-8858
The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."...
IBM SDK for Node.js Denial of Service Vulnerability
IBM SDK for Node.js is a product from U.S.-based IBM, built on the Node.js open source project, that provides an independent JavaScript runtime environment and server-side JavaScript solutions for the IBM platform. A local denial of service vulnerability exists in IBM SDK for Node.js. An attacker could explo...
DEBIAN-CVE-2016-2086
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header...
TrendMicro node.js http server arbitrary command execution vulnerability
Trend Micro is a global leader in network security software and services, leading the trend from desktop antivirus to network server and gateway antivirus with excellent foresight and technological innovation capabilities, and proving Trend Micro's foresight and leadership to the industry with it...