150 matches found
EUVD-2025-22261
Malicious code in bioql PyPI...
EUVD-2023-3146
Malicious code in bioql PyPI...
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...
Linux Distros Unpatched Vulnerability : CVE-2014-7192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other...
Security Bulletin: IBM Transformation Advisor is affected by vulnerability found in Node.js (CVE-2025-7338)
Summary: There is a vulnerability in Node.js used by IBM Transformation Advisor. The issues have been addressed in an update. Vulnerability Details: CVEID: CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version...
Linux Distros Unpatched Vulnerability : CVE-2016-2086
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks vi...
Linux Distros Unpatched Vulnerability : CVE-2017-11499
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote D...
Linux Distros Unpatched Vulnerability : CVE-2021-33587
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...
Linux Distros Unpatched Vulnerability : CVE-2021-44533
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects...
23march (=1.0.0), @castyiglitchxz/alert-box-package (>=1.0.0 <=1.2.5) +30 more potentially affected by unknown CVE via node.js (=0.0.1-security)
node.js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on node.js and may be impacted: - 23march =1.0.0 - @castyiglitchxz/alert-box-package =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.1, =1.0.5, =1.0.0, =1.2.5, =1.2.1, =0.0.1, =2.2.0...
Tenable Identity Exposure < 3.77.13(LTS) / 3.93.2 Vulnerable Nodejs (TNS-2025-16)
The version of Tenable Identity Exposure (formerly Tenable.ad) installed on the remote host is prior to 3.77.13(LTS) or 3.93.2. It therefore contains a version of Nodejs that could be vulnerable. Tenable has upgraded these components to address the potential impact of the issues. Note that Nessus has...
RockyLinux 9 : nodejs:22 (RLSA-2025:8467)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8467 advisory. - nodejs: Remote Crash via SignTraits::DeriveBits in Node.js (CVE-2025-23166). Tenable has extracted the preceding description block directly from the...
RockyLinux 9 : nodejs:20 (RLSA-2025:7426)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7426 advisory. - c-ares: c-ares has a use-after-free in readanswers (CVE-2025-31498). Tenable has extracted the preceding description block directly from the RockyLinux security...
Improper Authentication
@haxtheweb/haxcms-nodejs is vulnerable to improper authentication. The vulnerability is due to an insecure default configuration in the NodeJS backend that disables JWT checks by default, which allows an attacker to gain unauthorized access if the server is deployed without modifying these defaul...
CVE-2025-54137
HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...
CVE-2025-54134
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2025-23166)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23166 advisory. - The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied...
NodeJS 24.x - Path Traversal
Exploit Title: NodeJS 24.x - Path Traversal; Exploit Author: Abdualhadi khalifa; CVE: CVE-2025-27210; import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...
CVE-2025-23165 affecting package nodejs for versions less than 20.14.0-9
CVE-2025-23165 affecting package nodejs for versions less than 20.14.0-9. A patched version of the package is available...
CVE-2025-47279 affecting package nodejs for versions less than 20.14.0-8
CVE-2025-47279 affecting package nodejs for versions less than 20.14.0-8. A patched version of the package is available...