153 matches found
NodeJS 24.x - Path Traversal
Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...
CVE-2025-47279 affecting package nodejs for versions less than 20.14.0-8
CVE-2025-47279 affecting package nodejs for versions less than 20.14.0-8. A patched version of the package is available...
CVE-2025-23165 affecting package nodejs for versions less than 20.14.0-9
CVE-2025-23165 affecting package nodejs for versions less than 20.14.0-9. A patched version of the package is available...
AlmaLinux 9 : nodejs:20 (ALSA-2025:8468)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8468 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
AlmaLinux 9 : nodejs:22 (ALSA-2025:8467)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8467 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...
Oracle Linux 9 : nodejs:20 (ELSA-2025-8468)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8468 advisory. nodejs 1:20.19.2-1 - Update to version 20.19.2 Resolves: RHEL-92865 RHEL-88876 RHEL-91597 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...
nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js
A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...
CVE-2023-34109
zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...
Oracle Linux 9 : nodejs:20 (ELSA-2025-7426)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7426 advisory. nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78764 1:20.18.2-3 - Update c-ares to 1.34.5 to address CVE-2025-31498 nodejs-nodemon...
[ASA-202505-6] nodejs: denial of service
Arch Linux Security Advisory ASA-202505-6. Severity: High; Date: 2025-05-18; CVE-ID: CVE-2025-23166; Package: nodejs; Type: denial of service; Remote: Yes; Link: https://security.archlinux.org/AVG-2871. Summary: The package nodejs before version...
Fortinet FortiClient Code Execution due to Node.JS Environment Variable (FG-IR-24-025) (macOS)
The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-025 advisory. - An improper isolation or compartmentalization vulnerability CWE-653 in FortiClientMac version 7.4.2 and below, version...
Oracle Linux 8 : nodejs:20 (ELSA-2025-4461)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4461 advisory. nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498 Tenable has extracted the...
CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7
CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7. A patched version of the package is available...
CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1
CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...
Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31130)
The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31130 advisory. - c-ares is an asynchronous resolver library. ares_inet_net_pton is vulnerable to a...
Azure Linux 3.0 Security Update: nodejs / nodejs18 / python-jinja2 (CVE-2025-27516)
The version of nodejs / nodejs18 / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27516 advisory. - Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the...
Debian dla-4067 : libnode-dev - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4067 advisory. Debian LTS Advisory DLA-4067-1 https://www.debian.org/lts/security/...
Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-23085)
The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23085 advisory. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY...
Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-22020)
The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22020 advisory. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-netwo...
CVE-2024-22020 affecting package nodejs for versions less than 20.14.0-5
CVE-2024-22020 affecting package nodejs for versions less than 20.14.0-5. A patched version of the package is available...