CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Hue Magic 3.0.0 - Local File Inclusion

Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. id: CVE-2021-25864 info: name: Hue Magic 3.0.0 - Local File Inclusion author: 0xAkoko severity: high description: Hue Magic 3.0.0 is susceptible to local file inclusion via the res.sendFile API. impact: | The LFI...

7.5CVSS7.1AI score0.56956EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-13309

Malware in sbrugna...

7.5CVSS7.5AI score0.00493EPSS

Exploits1References2

RedhatCVE•added 2025/05/22 6:9 p.m.•4 views

CVE-2021-25864

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...

7.5CVSS6.8AI score0.56956EPSS

Exploits1References1

NVD•added 2023/08/11 2:15 p.m.•10 views

CVE-2021-26504

Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...

7.5CVSS7.6AI score0.00493EPSS

Exploits1References1

Prion•added 2023/08/11 2:15 p.m.•9 views

Directory traversal

Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js...

5CVSS7.5AI score0.00493EPSS

Exploits1References1Affected Software1

CNNVD•added 2023/08/11 12:0 a.m.•3 views

node-red-contrib-huemagic path traversal vulnerability

node-red-contrib-huemagic is a solution for Foddy individual developers. A security vulnerability exists in Foddy node-red-contrib-huemagic version 3.0.0, which stems from a directory traversal vulnerability. An attacker can exploit this vulnerability to obtain sensitive information by sending a...

7.5CVSS6.5AI score0.00493EPSS

Exploits1References2

CVE•added 2023/08/11 12:0 a.m.•48 views

CVE-2021-26504

CVE-2021-26504 affects Foddy’s node-red-contrib-huemagic (v3.0.0). The vulnerability is a directory traversal in the hue-magic.js res.sendFile API, enabling remote attackers to read sensitive information. CVSS v3.1 base score 7.5 (HIGH) with NETWORK attack vector, LOW attack complexity, and no pr...

7.5CVSS7.5AI score0.00493EPSS

Exploits1References1Affected Software1

Github Security Blog•added 2021/04/13 3:30 p.m.•43 views

Path Traversal in node-red-contrib-huemagic

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...

7.5CVSS7.3AI score0.56956EPSS

Exploits1References3Affected Software1

OSV•added 2021/04/13 3:30 p.m.•18 views

GHSA-FRPW-JRWX-HCFV Path Traversal in node-red-contrib-huemagic

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...

7.5CVSS7.5AI score0.56956EPSS

Exploits1References3

Veracode•added 2021/01/27 3:51 a.m.•5 views

Directory Traversal

node-red-contrib-huemagic is vulnerable to directory traversal. The vulnerability exists as the res.sendFile parameter in the API in hue-magic.js is not sanitized, allowing an attacker to fetch arbitrary files on the server by appending ../ to the URL of the target host...

7.5CVSS6.7AI score0.56956EPSS

Exploits1References2Affected Software1

CVE•added 2021/01/26 7:9 a.m.•64 views

CVE-2021-25864

Hue Magic 3.0.0 is vulnerable to local file inclusion via the res.sendFile API in hue-magic.js, allowing an attacker to fetch arbitrary files on the server. This CVE (CVE-2021-25864) is documented in multiple sources (including a Nuclei template and advisories) as an LFI with potential to expose ...

7.5CVSS7.6AI score0.56956EPSS

In wildExploits1References1Affected Software1

Cvelist•added 2021/01/26 7:9 a.m.•15 views

CVE-2021-25864

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...

7.9AI score0.56956EPSS

Exploits1References1

CNNVD•added 2021/01/26 12:0 a.m.•2 views

node-red-contrib-huemagic path traversal vulnerability

node-red-contrib-huemagic is a solution for Foddy Personal Developer. A path traversal vulnerability exists in node-red-contrib-huemagic 3.0.0, which can be exploited to obtain arbitrary files...

7.5CVSS7.2AI score0.56956EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by