Lucene search
K

4477 matches found

Nuclei
Nuclei
added 8 hours ago145 views

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS7.4AI score0.59844EPSS
Exploits2
Nuclei
Nuclei
added 8 hours ago9 views

Lodash Template - Server-Side Template Injection (RCE)

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. id: CVE-2021-23337 info: name: Lodash Template - Server-Side Template Injection RCE author: DhiyaneshDk severity: high description: | Lodash versions prior to 4.17.21 are vulnerable to Command Injectio...

7.2CVSS6.7AI score0.2241EPSS
Exploits3References4
Nuclei
Nuclei
added yesterday55 views

Node.js st module Directory Traversal

A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...

7.5CVSS7.1AI score0.34012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 days ago5 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs24: nodejs24-24.18.0-0.3.hum1 aarch64, x8664 nodejs24-bin-24.18.0-0.3.hum1 noarch nodejs24-devel-24.18.0-0.3.hum1 aarch64, x8664 nodejs24-docs-24.18.0-0.3.hum1 noarch...

8.8CVSS6.7AI score0.00759EPSS
Exploits2References12
RedHat Linux
RedHat Linux
added 4 days ago3 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-bin-26.5.0-1.3.hum1 noarch nodejs26-devel-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-docs-26.5.0-1.3.hum1 noarch...

7.5CVSS6.9AI score0.00759EPSS
Exploits0References7
CVE
CVE
added 6 days ago10 views

CVE-2026-49866

CVE-2026-49866 affects the JavaScript libp2p implementation, specifically the @libp2p/gossipsub component. The root cause is defaultDecodeRpcLimits allowing maxIhaveMessageIDs and maxIwantMessageIDs to be Infinity prior to v16.0.0, enabling oversized IHAVE/IWANT control message arrays in message/...

7.5CVSS6AI score0.00446EPSS
Exploits0References4
Rockylinux
Rockylinux
added 6 days ago6 views

nodejs22 security, bug fix, and enhancement update

An update is available for nodejs22. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime \ for easily...

9.8CVSS6AI score0.02806EPSS
Exploits1
OSV
OSV
added 2026/07/07 10:9 a.m.4 views

RHSA-2026:35891 Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS6.4AI score0.02806EPSS
Exploits1References76
OSV
OSV
added 2026/07/07 10:9 a.m.4 views

RHSA-2026:35892 Red Hat Security Advisory: nodejs:22 security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS5.9AI score0.02806EPSS
Exploits1References66
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.8 views

Important: Red Hat Security Advisory: nodejs:22 security, bug fix, and enhancement update

An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS7AI score0.02806EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling

A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

9.8CVSS6.4AI score0.00405EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS7AI score0.00674EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 3:7 p.m.6 views

nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling

A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs,...

7.5CVSS6.5AI score0.00437EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.5 views

nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling

A flaw was found in Node.js. This vulnerability in the TLS Transport Layer Security hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose...

9.8CVSS6.4AI score0.00405EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.8 views

Important: Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update

An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References17
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.6 views

nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames

A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service...

7.5CVSS6.7AI score0.00656EPSS
Exploits0References5
OSV
OSV
added 2026/07/06 10:8 a.m.4 views

RHSA-2026:35842 Red Hat Security Advisory: nodejs22 security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS5.9AI score0.02806EPSS
Exploits1References66
RedHat Linux
RedHat Linux
added 2026/07/06 5:32 a.m.6 views

nodejs: Node.js: Certification validation bypass in TLS host verification

A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...

4.3CVSS5.9AI score0.00258EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 4:52 a.m.8 views

nodejs: Node.js: Unauthorized file metadata modification

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system...

3.3CVSS6.2AI score0.00154EPSS
Exploits0References5
Rows per page
Query Builder