4411 matches found
CVE-2025-7656 affecting package nodejs18 for versions less than 18.20.3-8
CVE-2025-7656 affecting package nodejs18 for versions less than 18.20.3-8. A patched version of the package is available...
nodejs:22 security update
An update is available for module.nodejs-nodemon, nodejs-packaging, module.nodejs-packaging, nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
nodejs:22 security update
An update is available for module.nodejs-nodemon, nodejs, nodejs-nodemon, nodejs-packaging, module.nodejs, module.nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
nodejs:20 security update
An update is available for module.nodejs-nodemon, nodejs, nodejs-nodemon, nodejs-packaging, module.nodejs, module.nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...
RHSA-2025:11802 Red Hat Security Advisory: nodejs:22 security update
Bulletin has no description...
Important: Red Hat Security Advisory: nodejs:22 security update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: nodejs:22 security update
An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
AlmaLinux 8 : nodejs:22 (ALSA-2025:11803)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:11803 advisory. sqlite: Integer Truncation in SQLite (CVE-2025-6965). Tenable has extracted the preceding description block directly from the AlmaLinux security advisory. Note that...
Oracle Linux 8 : nodejs:22 (ELSA-2025-11803)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11803 advisory. - Patch fix for sqlite CVE-2025-6965 Resolves: RHEL-103835 - Update to 22.16.0 Fixes: CVE-2025-23166 - Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300...
sql-injection-payload-list
It is an offensive tool for SQL injection. The repository contains a list of SQL injection payloads. The primary CVE ID is not explicitly mentioned, but the payloads are likely used to exploit SQL injection vulnerabilities. The target product/service is not specified, but the payloads are likely...
Improper Authorization
Overview: @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Improper Authorization in the API endpoints, which do not verify user permissions before performing operations. An attacker can gain unauthorized access to resources or perform actions...
@haxtheweb/create (>=0.1.3 <=11.0.2), @haxtheweb/open-apis (=11.0.2) potentially affected by CVE-2025-54378 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=10.0.6)
@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2 - @haxtheweb/open-apis =11.0.2 Source cves: CVE-2025-54378 Source advisory: OSV:GHSA-9JR9-8FF3-M894...
CVE-2025-54139
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54137
HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credentials for the user and superuser accounts. Additionally, the application has default private keys for JWTs. Users aren't prompted to change...
Cross-Site Scripting (XSS)
@haxtheweb/haxcms-nodejs is vulnerable to cross-site scripting. The vulnerability is due to the explicit disabling of the Content Security Policy (CSP) in the Helmet configuration in app.js, which allows an attacker to inject and execute malicious scripts in the context of the application...
Improper Authentication
@haxtheweb/haxcms-nodejs is vulnerable to improper authentication. The vulnerability is due to an insecure default configuration in the NodeJS backend that disables JWT checks by default, which allows an attacker to gain unauthorized access if the server is deployed without modifying these defaul...
Malicious code in nodejs-backpack (npm)
Source: ghsa-malware (bb99e7712a778eec132a6648afa1e407630ce06d816611aade3e1e1986562f0a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-6234 Malicious code in nodejs-backpack (npm)
Source: ghsa-malware (bb99e7712a778eec132a6648afa1e407630ce06d816611aade3e1e1986562f0a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Photon OS 4.0: Nodejs PHSA-2025-4.0-0839
An update of the nodejs package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0839. The text itself is copyright (C) VMware, Inc...
CVE-2025-54127
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...