Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

Snyk
Snykadded 6 days ago1 views

Incomplete List of Disallowed Inputs

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the NodeVM builtin allowlist in lib/builtin.js. An attacker can read host-process state by...

8.2CVSS5.9AI score
Exploits0References2
F5 Networks
F5 Networksadded 2025/06/10 8:46 p.m.4 views

K000151779: Node.js vulnerabilities CVE-2025-23083 and CVE-2025-23085

Security Advisory Description CVE-2025-23083 With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be...

7.7CVSS6.5AI score0.00169EPSS
Exploits0
OSV
OSVadded 2025/01/27 7:15 a.m.12 views

BIT-NODE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS6.8AI score0.00105EPSS
Exploits0References5
OSV
OSVadded 2025/01/27 7:15 a.m.5 views

BIT-NODE-2025-23090

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...

6.6AI score
Exploits0References2
OSV
OSVadded 2025/01/27 7:15 a.m.6 views

BIT-NODE-MIN-2025-23090

Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083...

6.6AI score
Exploits0References2
OpenVAS
OpenVASadded 2025/01/23 12:0 a.m.24 views

Node.js 20.x < 20.18.2, 21.x < 22.13.1, 23.x < 23.6.1 Worker Permission Bypass Vulnerability - Mac OS X

Node.js is prone to a worker permission bypass vulnerability via InternalWorker leak in diagnostics. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

7.7CVSS7.5AI score0.00105EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2025/01/22 1:11 a.m.11 views

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS7.2AI score0.00105EPSS
Exploits0
CVE
CVEadded 2025/01/22 1:11 a.m.337 views

CVE-2025-23083

CVE-2025-23083 affects Node.js v20/v22/v23 (with the diagnostics_channel utility) by allowing an attacker to hook into worker thread creation and access internal worker instances, including constructor retrieval, enabling malicious reuse. This is a local-access issue with high impact on confident...

7.7CVSS7.5AI score0.00105EPSS
Exploits0References4
Hacker One
Hacker Oneadded 2024/06/26 4:28 a.m.10 views

Node.js: Worker permission bypass via InternalWorker leak in diagnostics

The vulnerability allowed for a worker permission bypass through a diagnosticschannel leak that exposed internal workers, enabling the retrieval of their constructor for malicious usage. This affected Permission Model users on Node.js versions 20, 22, and 23...

7.7CVSS6.6AI score0.00105EPSS
Exploits0
Rows per page
Query Builder