Lucene search
K

157 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.11 views

MiracleLinux 9 : nodejs-16.20.2-8.el9_4 (AXSA:2024-8149:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8149:02 advisory. nodejs: CONTINUATION frames DoS CVE-2024-27983 nodejs: using the fetch function to retrieve content from an untrusted URL leads to denial of service...

8.2CVSS7AI score0.87211EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : nodejs:20 (AXSA:2024-7667:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7667:01 advisory. nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTTP...

9.8CVSS8.2AI score0.03168EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.7 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. There are security vulnerabilities in Node.js, where the error related to the maximum call stack size when enabling asynchooks.createHook makes it impossible to catch certain exceptions,...

7.5CVSS7.1AI score0.00624EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/19 12:0 a.m.3 views

MiracleLinux 8 : nodejs:10 (AXSA:2021-1558:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1558:01 advisory. nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion CVE-2021-22883 nodejs: DNS rebinding in --inspect CVE-2021-22884 Tenable has...

7.8CVSS7.7AI score0.77385EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

MiracleLinux 7 : http-parser-2.7.1-8.el7 (AXSA:2019-4071:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4071:01 advisory. nodejs: Denial of Service with large HTTP headers CVE-2018-12121 nodejs: HTTP parser allowed for spaces inside Content-Length header values...

7.5CVSS7.5AI score0.10207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: nodejs (UTSA-2025-680625)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680625 advisory. Accepting arbitrary Subject Alternative Name SAN types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained...

7.4CVSS7AI score0.08373EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-38212

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.00496EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-3146

Malicious code in bioql PyPI...

6.8CVSS6.2AI score0.00685EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2025-22261

Malicious code in bioql PyPI...

9.8CVSS6.4AI score0.00403EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/12 1:16 a.m.37 views

CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check

Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory...

7.5CVSS0.0106EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2014-7192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other...

10CVSS6AI score0.13441EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/28 3:51 p.m.4 views

Security Bulletin: IBM Transformation Advisor is affected by vulnerability found in Node.js (CVE-2025-7338)

Summary There is a vulnerability in Node.js used by IBM Transformation Advisor, The issues have been addressed in an update. Vulnerability Details CVEID:CVE-2025-7338 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version...

7.5CVSS9.1AI score0.00649EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2016-2086

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks vi...

7.5CVSS7.4AI score0.06257EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-11499

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote D...

7.5CVSS7.9AI score0.05478EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2021-33587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The css-what package 4.0.0 through 5.0.0 for Node.js does not ensure that attribute parsing has Linear Time Complexity relative to the size of the input...

7.5CVSS7AI score0.02267EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2021-44533

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js 12.22.9, 14.18.3, 16.13.2, and 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects...

5.3CVSS6.6AI score0.09358EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/08/14 6:52 p.m.20 views

23march (=1.0.0), @castyiglitchxz/alert-box-package (>=1.0.0 <=1.2.5) +30 more potentially affected by unknown CVE via node.js (=0.0.1-security)

node.js NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on node.js and may be impacted: - 23march =1.0.0 - @castyiglitchxz/alert-box-package =1.0.0, =1.0.0, =1.0.0, =0.0.1, =1.0.1, =1.0.5, =1.0.0, =1.2.5, =1.2.1, =0.0.1, =2.2.0...

5.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/06 12:0 a.m.6 views

Tenable Identity Exposure < 3.77.13(LTS) / 3.93.2 Vulnerable Nodejs (TNS-2025-16)

The version of Tenable Identity Exposure formerly Tenable.ad installed on the remote host is prior to 3.77.13LTS or 3.93.2. It therefore contains a version of Nodejs that could be vulnerable. Tenable has upgrade these components to address the potential impact of the issues. Note that Nessus has...

7.5CVSS7.7AI score0.09752EPSS
Exploits5References2
Tenable Nessus
Tenable Nessus
added 2025/07/30 12:0 a.m.3 views

RockyLinux 9 : nodejs:20 (RLSA-2025:7426)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7426 advisory. c-ares: c-ares has a use-after-free in readanswers CVE-2025-31498 Tenable has extracted the preceding description block directly from the RockyLinux security...

8.3CVSS7.3AI score0.00577EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/07/30 12:0 a.m.3 views

RockyLinux 9 : nodejs:22 (RLSA-2025:8467)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:8467 advisory. nodejs: Remote Crash via SignTraits::DeriveBits in Node.js CVE-2025-23166 Tenable has extracted the preceding description block directly from the...

7.5CVSS6.9AI score0.00763EPSS
Exploits0References5
Rows per page
Query Builder