Lucene search
+L

4513 matches found

Nuclei
Nuclei
added 8 hours ago57 views

Node.js st module Directory Traversal

A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e encoded dot dot in an unspecified path. id: CVE-2014-3744 info: name: Node.js st module Directory Traversal author: geeknik severity: high description: A...

7.5CVSS7.8AI score0.34012EPSS
Exploits0References5
Nuclei
Nuclei
added 8 hours ago147 views

Nodejs Squirrelly - Remote Code Execution

Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuratio...

8.8CVSS8.7AI score0.59844EPSS
Exploits2
Nuclei
Nuclei
added 8 hours ago9 views

Lodash Template - Server-Side Template Injection (RCE)

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. id: CVE-2021-23337 info: name: Lodash Template - Server-Side Template Injection RCE author: DhiyaneshDk severity: high description: | Lodash versions prior to 4.17.21 are vulnerable to Command Injectio...

7.2CVSS6.4AI score0.2241EPSS
Exploits3References4
OSV
OSV
added yesterday3 views

RHSA-2026:39868 Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS6.5AI score0.02806EPSS
Exploits1References76
Rockylinux
Rockylinux
added yesterday6 views

nodejs:24 security, bug fix, and enhancement update

An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS6.5AI score0.02806EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2 days ago4 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.6AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago5 views

nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch

A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS Transport Layer Security hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security...

7.7CVSS6.9AI score0.02486EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2 days ago6 views

Important: Red Hat Security Advisory: nodejs:24 security, bug fix, and enhancement update

An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.5AI score0.02806EPSS
Exploits1References17
OSV
OSV
added 2 days ago2 views

RHSA-2026:39246 Red Hat Security Advisory: nodejs22 security update

Bulletin has no description...

8.1CVSS6.9AI score0.02806EPSS
Exploits1References27
NVD
NVD
added 3 days ago4 views

CVE-2026-53486

The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink...

9.1CVSS0.00588EPSS
Exploits0References7
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-53486 decompress: Archive extraction can create files and links outside the target directory

The decompress package for Node.js extracts archives. Prior to 10.2.1 and 11.1.3, archive extraction can create files and links outside the target directory. When extracting an archive to a directory, a crafted archive can read or write files outside that directory because hardlink and symlink...

9.1CVSS0.00588EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 3 days ago11 views

Important: Red Hat Security Advisory: nodejs22 security update

An update for nodejs22 is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

8.1CVSS6.8AI score0.02806EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 3 days ago11 views

CVE-2026-39246

A flaw was found in the decompress package for Node.js. The package creates symlinks from archive entries during extraction without validating the link target against the output directory, because the existing containment check only applies to regular file entries. An attacker who can supply a...

7.5CVSS6.1AI score0.00501EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 6 days ago6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs24: nodejs24-24.18.0-0.3.hum1 aarch64, x8664 nodejs24-bin-24.18.0-0.3.hum1 noarch nodejs24-devel-24.18.0-0.3.hum1 aarch64, x8664 nodejs24-docs-24.18.0-0.3.hum1 noarch...

8.8CVSS6.7AI score0.00789EPSS
Exploits2References12
RedHat Linux
RedHat Linux
added last week4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-bin-26.5.0-1.3.hum1 noarch nodejs26-devel-26.5.0-1.3.hum1 aarch64, x8664 nodejs26-docs-26.5.0-1.3.hum1 noarch...

7.5CVSS6.9AI score0.00789EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/10 3:35 a.m.6 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nodejs26: nodejs26-26.4.0-1.4.hum1 aarch64, x8664 nodejs26-bin-26.4.0-1.4.hum1 noarch nodejs26-devel-26.4.0-1.4.hum1 aarch64, x8664 nodejs26-docs-26.4.0-1.4.hum1 noarch...

7.5CVSS6.1AI score0.0037EPSS
Exploits1References3
CVE
CVE
added 2026/07/08 8:47 p.m.11 views

CVE-2026-49866

CVE-2026-49866 affects the JavaScript libp2p implementation, specifically the @libp2p/gossipsub component. The root cause is defaultDecodeRpcLimits allowing maxIhaveMessageIDs and maxIwantMessageIDs to be Infinity prior to v16.0.0, enabling oversized IHAVE/IWANT control message arrays in message/...

7.5CVSS6AI score0.00446EPSS
Exploits0References4
CBLMariner
CBLMariner
added 2026/07/08 4:2 p.m.4 views

CVE-2026-48618 affecting package nodejs for versions less than 24.17.0-1

CVE-2026-48618 affecting package nodejs for versions less than 24.17.0-1. An upgraded version of the package is available that resolves this issue...

7.7CVSS7AI score0.02486EPSS
Exploits0
OSV
OSV
added 2026/07/08 12:6 p.m.6 views

RLSA-2026:35842 Important: nodejs22 security, bug fix, and enhancement update

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed...

8.1CVSS6.6AI score0.02806EPSS
Exploits1References14
Rockylinux
Rockylinux
added 2026/07/08 12:6 p.m.6 views

nodejs22 security, bug fix, and enhancement update

An update is available for nodejs22. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime \ for easily...

9.8CVSS6AI score0.02806EPSS
Exploits1
Rows per page
Query Builder