
4389 matches found

OSV
added 2018/06/13 4:29 p.m. | 1 view

DEBIAN-CVE-2018-7167

Calling Buffer.fill or Buffer.alloc with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc and Buffer.fill were updated so that they zero fill instead of hanging in these cases. All versions of...

CVSS 7.5 | AI score 9.1 | EPSS 0.07214
Exploits: 0 | References: 1
OSV
added 2018/06/13 4:29 p.m. | 1 view

UBUNTU-CVE-2018-7161

All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug wher...

CVSS 7.5 | AI score 7.1 | EPSS 0.07855
Exploits: 0 | References: 4
CNVD
added 2018/06/13 12:0 a.m. | 1 view

Express-cart Arbitrary File Upload Vulnerability

express-cart is a shopping cart module for use in Node.js. An arbitrary file upload vulnerability exists in express-cart versions prior to 1.1.7. An attacker can exploit this vulnerability to gain access on a hosted device...

CVSS 9 | AI score 8.9 | EPSS 0.2745
Exploits: 1 | References: 1
CNVD
added 2018/06/13 12:0 a.m. | 1 view

Unspecified vulnerability in noderequest

noderequest is a package of request nodes for use in Node.js. A security vulnerability exists in noderequest. An attacker can exploit the vulnerability to steal environment variables...

CVSS 7.5 | AI score 7.6 | EPSS 0.01123
Exploits: 0 | References: 1
OSV
added 2018/06/07 2:29 a.m. | 1 view

CVE-2017-16184

scott-blanch-weather-app is a sample Node.js app using Express 4. scott-blanch-weather-app is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url...

CVSS 7.5 | AI score 5.8 | EPSS 0.02005
Exploits: 1 | References: 2
OSV
added 2018/06/07 2:29 a.m. | 3 views

AZL-43819 CVE-2017-16137 affecting package nodejs-nodemon 2.0.3-4

The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...

CVSS 5.3 | AI score 6.4 | EPSS 0.02798
Exploits: 0 | References: 1
RedhatCVE
added 2018/06/05 8:1 a.m. | 19 views

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 3.7 | EPSS 0.04412
Exploits: 0 | References: 1
NVD
added 2018/06/04 7:29 p.m. | 20 views

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 9.7 | EPSS 0.04412
Exploits: 0 | References: 3
OSV
added 2018/06/04 7:29 p.m. | 4 views

AZL-44547 CVE-2017-16042 affecting package js-jquery 3.5.0-4

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.04412
Exploits: 0 | References: 1
OSV
added 2018/06/04 7:29 p.m. | 1 view

DEBIAN-CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 9.4 | EPSS 0.04412
Exploits: 0 | References: 1
OSV
added 2018/06/04 7:29 p.m. | 13 views

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 9.9
Exploits: 0 | References: 3
UbuntuCve
added 2018/06/04 7:29 p.m. | 14 views

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 7.2 | EPSS 0.04412
Exploits: 0 | References: 4
Prion
added 2018/06/04 7:29 p.m. | 15 views

Command injection

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 7.5 | AI score 9.6 | EPSS 0.04412
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2018/06/04 7:29 p.m. | 0 views

UBUNTU-CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 5.9 | EPSS 0.04412
Exploits: 0 | References: 5
CVE
added 2018/06/04 7:0 p.m. | 57 views

CVE-2017-16049

The CVE-2017-16049 case corresponds to the npm package nodesqlite, described across multiple sources as malware that steals environment variables and exfiltrates them to attacker-controlled locations. The core issue is malicious code published in nodesqlite intended to hijack environment variable...

CVSS 7.5 | AI score 7.4 | EPSS 0.01177
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2018/06/04 7:0 p.m. | 19 views

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

AI score 9.7 | EPSS 0.04412
Exploits: 0 | References: 3
CVE
added 2018/06/04 7:0 p.m. | 93 views

CVE-2017-16042

The CVE-2017-16042 entry concerns Growl for Node.js. Affected: growl prior to version 1.10.2. Root cause: input is not properly sanitized before being passed to exec, enabling arbitrary command execution. Impact: remote command execution via crafted input in the Growl integration for nodejs. Expl...

CVSS 9.8 | AI score 9.5 | EPSS 0.04412
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2018/06/04 7:0 p.m. | 12 views

CVE-2017-16042

Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...

CVSS 9.8 | AI score 9.7 | EPSS 0.04412
Exploits: 0
Prion
added 2018/06/04 4:29 p.m. | 11 views

Remote code execution

node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or...

CVSS 9.3 | AI score 8.1 | EPSS 0.01752
Exploits: 0 | References: 1
NVD
added 2018/06/01 6:29 p.m. | 18 views

CVE-2016-10626

mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVSS 9.3 | AI score 8.3 | EPSS 0.01682
Exploits: 0 | References: 1