CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

39 matches found

Tenable Nessus•added 2026/01/28 12:0 a.m.•6 views

NewStart CGSL MAIN 6.06 : nodejs Multiple Vulnerabilities (NS-SA-2025-0241)

The remote NewStart CGSL host, running version MAIN 6.06, has nodejs packages installed that are affected by multiple vulnerabilities: - The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects...

9.8CVSS7.2AI score0.86472EPSS

Exploits26References105

OSV•added 2023/11/23 12:15 a.m.•3 views

DEBIAN-CVE-2023-30581

The use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and, v20. Please note that at the time...

7.5CVSS7AI score0.00018EPSS

Exploits0References1

OSV•added 2023/11/23 12:15 a.m.•0 views

UBUNTU-CVE-2023-30581

7.5CVSS6.9AI score0.00018EPSS

Exploits0References3

F5 Networks•added 2023/10/23 9:42 p.m.•44 views

K000137330: Node.JS vulnerabilities CVE-2023-38552, CVE-2023-39331, CVE-2023-39332, and CVE-2023-3933

Security Advisory Description CVE-2023-38552 When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check...

9.8CVSS6.5AI score0.00657EPSS

Exploits0

Microsoft CVE•added 2023/10/23 7:0 a.m.•3 views

When the Node.js policy feature checks the integrity of a resource against a trusted manifest the application can intercept the operation and return a forged checksum to the node's policy implementation thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued the policy mechanism is an experimental feature of Node.js.

...

7.5CVSS7AI score0.00397EPSS

Exploits0

NVD•added 2023/10/18 4:15 a.m.•23 views

CVE-2023-38552

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all user...

7.5CVSS7.4AI score0.00397EPSS

Exploits0References9

UbuntuCve•added 2023/10/18 4:15 a.m.•42 views

CVE-2023-38552

7.5CVSS6.9AI score0.00397EPSS

Exploits0References4

Cvelist•added 2023/10/18 3:55 a.m.•27 views

CVE-2023-38552

7.7AI score0.00397EPSS

Exploits0References8

SUSE CVE•added 2023/10/17 1:0 a.m.•1 views

SUSE CVE-2023-38552

6.5CVSS7.8AI score0.00397EPSS

Exploits0References13

Positive Technologies•added 2023/10/17 12:0 a.m.•9 views

PT-2023-6457 · Node.Js +6 · Node.Js +6

Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x through 20.x Description: The issue arises when the Node.js policy feature checks the integrity of a resource against a trusted manifest. An application can intercept this operation and return a forged checksum to the...

9.8CVSS6.5AI score0.9439EPSS

Exploits22References175

OSV•added 2023/08/24 2:15 a.m.•1 views

AZL-27973 CVE-2023-32559 affecting package nodejs for versions less than 16.20.2-2

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API process.binding can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding'spawnsyn...

7.5CVSS7AI score0.00061EPSS

Exploits1References1

OSV•added 2023/08/24 2:15 a.m.•2 views

AZL-27974 CVE-2023-32559 affecting package nodejs18 for versions less than 18.17.1-2

7.5CVSS7AI score0.00061EPSS

Exploits1References1

Prion•added 2023/08/24 2:15 a.m.•28 views

Privilege escalation

4.6CVSS8.6AI score0.00061EPSS

Exploits1References2Affected Software1

OSV•added 2023/08/24 2:15 a.m.•2 views

UBUNTU-CVE-2023-32559

7.5CVSS7.1AI score0.00061EPSS

Exploits1References6

OSV•added 2023/08/21 5:15 p.m.•1 views

AZL-27940 CVE-2023-32002 affecting package nodejs for versions less than 16.20.2-2

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

9.8CVSS6.9AI score0.00054EPSS

Exploits0References1

OSV•added 2023/08/21 5:15 p.m.•3 views

ALPINE-CVE-2023-32002

9.8CVSS7AI score0.00054EPSS

Exploits0References1

OSV•added 2023/08/21 5:15 p.m.•2 views

AZL-27942 CVE-2023-32002 affecting package nodejs18 for versions less than 18.17.1-2

9.8CVSS6.8AI score0.00054EPSS

Exploits0References1

OSV•added 2023/08/21 5:15 p.m.•1 views

DEBIAN-CVE-2023-32002

9.8CVSS7AI score0.00054EPSS

Exploits0References1

Debian CVE•added 2023/08/21 4:52 p.m.•65 views

CVE-2023-32002

9.8CVSS7.4AI score0.00054EPSS

Exploits0

OSV•added 2023/08/15 4:15 p.m.•1 views

ALPINE-CVE-2023-32006

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

8.8CVSS7AI score0.00074EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by