
153 matches found

Exploit DB
added 2025/07/16 12:0 a.m., 316 views

NodeJS 24.x - Path Traversal

Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...

CVSS 7.5 | AI score 5.7 | EPSS 0.09752
Exploits: 5
CBLMariner
added 2025/07/10 3:9 p.m., 3 views

CVE-2025-47279 affecting package nodejs for versions less than 20.14.0-8

CVE-2025-47279 affecting package nodejs for versions less than 20.14.0-8. A patched version of the package is available...

CVSS 3.1 | AI score 7.3 | EPSS 0.00254
Exploits: 0
CBLMariner
added 2025/07/10 3:9 p.m., 5 views

CVE-2025-23165 affecting package nodejs for versions less than 20.14.0-9

CVE-2025-23165 affecting package nodejs for versions less than 20.14.0-9. A patched version of the package is available...

CVSS 3.7 | AI score 7.3 | EPSS 0.0048
Exploits: 0
Tenable Nessus
added 2025/06/05 12:0 a.m., 3 views

AlmaLinux 9 : nodejs:20 (ALSA-2025:8468)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8468 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

CVSS 7.5 | AI score 7.9 | EPSS 0.00763
Exploits: 0 | References: 3
Tenable Nessus
added 2025/06/05 12:0 a.m., 4 views

AlmaLinux 9 : nodejs:22 (ALSA-2025:8467)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:8467 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the AlmaLinux securit...

CVSS 7.5 | AI score 7.9 | EPSS 0.00763
Exploits: 0 | References: 3
Tenable Nessus
added 2025/06/04 12:0 a.m., 5 views

Oracle Linux 9 : nodejs:20 (ELSA-2025-8468)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8468 advisory. nodejs 1:20.19.2-1 - Update to version 20.19.2 Resolves: RHEL-92865 RHEL-88876 RHEL-91597 nodejs-nodemon nodejs-packaging Tenable has extracted the preceding...

CVSS 7.5 | AI score 7.9 | EPSS 0.00763
Exploits: 0 | References: 2
RedHat Linux
added 2025/06/03 7:53 p.m., 4 views

nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js

A flaw was found in Node.js, specifically in the C++ method SignTraits::DeriveBits. This vulnerability can allow a remote attacker to crash the Node.js runtime via untrusted input, triggering an exception in a background thread...

CVSS 7.5 | AI score 7.2 | EPSS 0.00763
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/23 3:55 a.m., 7 views

CVE-2023-34109

zxcvbn-ts is an open source password strength estimator written in typescript. This vulnerability affects users running on the nodeJS platform which are using the second argument of the zxcvbn function. It can result in an unbounded resource consumption as the user inputs array is extended with...

CVSS 7.5 | AI score 6.8 | EPSS 0.00496
Exploits: 0 | References: 1
Tenable Nessus
added 2025/05/22 12:0 a.m., 13 views

Oracle Linux 9 : nodejs:20 (ELSA-2025-7426)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7426 advisory. nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78764 1:20.18.2-3 - Update c-ares to 1.34.5 to address CVE-2025-31498 nodejs-nodemon...

CVSS 8.3 | AI score 7.3 | EPSS 0.00555
Exploits: 0 | References: 2
ArchLinux
added 2025/05/18 12:0 a.m., 25 views

[ASA-202505-6] nodejs: denial of service

Arch Linux Security Advisory ASA-202505-6 ========================================= Severity: High Date : 2025-05-18 CVE-ID : CVE-2025-23166 Package : nodejs Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-2871 Summary ======= The package nodejs before version...

CVSS 7.5 | AI score 7.1 | EPSS 0.00763
Exploits: 0 | References: 4
Tenable Nessus
added 2025/05/13 12:0 a.m., 10 views

Fortinet FortiClient Code Execution due to Node.JS Environment Variable (FG-IR-24-025) (macOS)

The version of FortiClient installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-025 advisory. - An improper isolation or compartmentalization vulnerability CWE-653 in FortiClientMac version 7.4.2 and below, version...

CVSS 7.8 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 2
Tenable Nessus
added 2025/05/05 12:0 a.m., 7 views

Oracle Linux 8 : nodejs:20 (ELSA-2025-4461)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-4461 advisory. nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498 Tenable has extracted the...

CVSS 8.3 | AI score 7.3 | EPSS 0.00555
Exploits: 0 | References: 2
CBLMariner
added 2025/04/24 3:8 p.m., 9 views

CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7

CVE-2025-27516 affecting package nodejs for versions less than 20.14.0-7. A patched version of the package is available...

CVSS 8.8 | AI score 7.3 | EPSS 0.00465
Exploits: 0
CBLMariner
added 2025/04/19 3:8 p.m., 6 views

CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1

CVE-2020-28493 affecting package nodejs for versions less than 20.14.0-1. A patched version of the package is available...

CVSS 5.3 | AI score 7.3 | EPSS 0.03546
Exploits: 1
Tenable Nessus
added 2025/04/09 12:0 a.m., 12 views

Azure Linux 3.0 Security Update: c-ares / fluent-bit / grpc / nodejs (CVE-2023-31130)

The version of c-ares / fluent-bit / grpc / nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-31130 advisory. - c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a...

CVSS 6.4 | AI score 6.6 | EPSS 0.00333
Exploits: 0 | References: 2
Tenable Nessus
added 2025/03/20 12:0 a.m., 16 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 / python-jinja2 (CVE-2025-27516)

The version of nodejs / nodejs18 / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27516 advisory. - Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in how the...

CVSS 8.8 | AI score 7.9 | EPSS 0.00465
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/25 12:0 a.m., 3 views

Debian dla-4067 : libnode-dev - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4067 advisory. Debian LTS Advisory DLA-4067-1 https://www.debian.org/lts/security/...

CVSS 5.3 | AI score 6.5 | EPSS 0.01282
Exploits: 0 | References: 4
Tenable Nessus
added 2025/02/21 12:0 a.m., 9 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2025-23085)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23085 advisory. - A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY...

CVSS 5.3 | AI score 6.6 | EPSS 0.01282
Exploits: 0 | References: 2
Tenable Nessus
added 2025/02/21 12:0 a.m., 8 views

Azure Linux 3.0 Security Update: nodejs / nodejs18 (CVE-2024-22020)

The version of nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22020 advisory. - A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-netwo...

CVSS 6.5 | AI score 7.5 | EPSS 0.01104
Exploits: 0 | References: 2
CBLMariner
added 2025/02/19 4:8 p.m., 7 views

CVE-2024-22020 affecting package nodejs for versions less than 20.14.0-5

CVE-2024-22020 affecting package nodejs for versions less than 20.14.0-5. A patched version of the package is available...

CVSS 6.5 | AI score 6.7 | EPSS 0.01104
Exploits: 0