CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Circl•added 2018/10/09 12:40 a.m.•3 views

CVE-2016-10540

creationtimestamp| type| source ---|---|--- 2018-10-09 00:40:41+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-hxm2-r34f-qmc5...

7.5CVSS7.1AI score0.01743EPSS

Circl•added 2018/09/18 1:50 p.m.•2 views

CVE-2017-0930

creationtimestamp| type| source ---|---|--- 2018-09-18 13:50:25+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-4wch-fwmx-cf47...

6.5CVSS6.6AI score0.01217EPSS

Circl•added 2018/09/17 8:43 p.m.•3 views

CVE-2018-16460

creationtimestamp| type| source ---|---|--- 2018-09-17 20:43:59+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-cfhg-9x44-78h2...

9.8CVSS7.3AI score0.02856EPSS

Exploits0References1

Node.js•added 2018/08/30 3:53 a.m.•16 views

NoSQL Injection

Overview Versions of loopback-connector-mongodb before 3.6.0 are vulnerable to NoSQL injection. MongoDB Connector for LoopBack fails to properly sanitize a filter passed to query the database by allowing the dangerous $where property to be passed to the MongoDB Driver. The Driver allows the speci...

7.1AI score

Node.js•added 2018/08/24 12:7 p.m.•14 views

Command Injection

Overview Versions of egg-scripts before 2.8.1 are vulnerable to command injection. This is only exploitable if a malicious argument is provided on the command line. Example: eggctl start --daemon --stderr='/tmp/eggctlstderr.log; touch /tmp/malicious' Recommendation Update to version 2.8.1 or late...

Circl•added 2018/08/21 5:2 p.m.•4 views

CVE-2018-3784

creationtimestamp| type| source ---|---|--- 2018-08-21 17:02:43+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-38f5-ghc2-fcmv...

9.8CVSS7.3AI score0.03252EPSS

Node.js•added 2018/08/16 7:50 p.m.•22 views

Code Injection

Overview All versions of cryo are vulnerable to code injection due to an Insecure implementation of deserialization. Proof of concept var Cryo = require'cryo'; var frozen = '"root":"CRYOREF3","references":"contents":,"value":"CRYOFUNCTIONfunction console.log\"defconrussia\"; return...

7.5CVSS1.3AI score0.03252EPSS

Node.js•added 2018/08/16 7:44 p.m.•25 views

Privilege Escalation due to Blind NoSQL Injection

Overview Versions of flintcms before version 1.1.10 are vulnerable to account takeover due to blind MongoDB injection in the password reset. Recommendation Update to version 1.1.10 or later. References - HackerOne Report - GitHub Advisory...

7.5CVSS4.1AI score0.0379EPSS

Node.js•added 2018/08/09 6:53 p.m.•10 views

Malicious Package

Overview All versions of soket.io are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendation...

Node.js•added 2018/08/09 5:30 a.m.•14 views

Malicious Package

Overview All versions of regenrator are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendatio...

Node.js•added 2018/08/09 5:28 a.m.•26 views

Malicious Package

Overview All versions of regenraotr are considered malicious. The package is malware designed to take advantage of users making a mistake when typing the name of a module to install. When executed, the package calls home to a Command and Control server to execute arbitrary commands. Recommendatio...

Circl•added 2018/08/06 9:37 p.m.•4 views

CVE-2017-16226

creationtimestamp| type| source ---|---|--- 2018-08-06 21:37:06+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-5mjw-6jrh-hvfq...

9.8CVSS7.3AI score0.03596EPSS

Node.js•added 2018/08/03 3:15 p.m.•617 views

Arbitrary File Write via Archive Extraction

Overview Versions of adm-zip before 0.4.9 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.4.9 or later. References - GitHub Pull Request - Zip Slip...

4.3CVSS4.4AI score0.15359EPSS

Node.js•added 2018/08/03 3:8 p.m.•556 views

Arbitrary File Write via Archive Extraction

Overview Versions of unzipper before 0.8.13 are vulnerable to arbitrary file write when used to extract a specifically crafted archive that contains path traversal filenames ../../file.txt for example. Recommendation Update to version 0.3.18 or later. References - GitHub Pull Request - Zip Slip...

4.3CVSS3.7AI score0.11917EPSS

Node.js•added 2018/07/26 4:55 p.m.•477 views

Path Traversal

Overview Versions of express-cart before 1.1.7 are vulnerable to Path Traversal. Recommendation Update to version 1.1.7 or later. References - HackerOne Report - GitHub Advisory...

6.9AI score

Circl•added 2018/07/24 7:59 p.m.•3 views

CVE-2017-16030

creationtimestamp| type| source ---|---|--- 2018-07-24 19:59:13+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-pjmx-9xr3-82qr...

7.5CVSS7.1AI score0.01162EPSS

Circl•added 2018/07/24 7:58 p.m.•3 views

CVE-2017-16010

creationtimestamp| type| source ---|---|--- 2018-07-24 19:58:33+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-cmh5-qc8w-xvcq...

6.1CVSS6.3AI score0.01017EPSS

Circl•added 2018/07/24 7:44 p.m.•3 views

CVE-2017-16082

creationtimestamp| type| source ---|---|--- 2018-07-24 19:44:42+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-wc9v-mj63-m9g5...

9.8CVSS7.3AI score0.10513EPSS