10 matches found

EUVD
added 2026/04/23 12:53 a.m., 2 views

EUVD-2026-25166

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

CVSS 10 | AI score 6.5 | EPSS 0.00774
Exploits: 2 | References: 1
RedhatCVE
added 2025/10/07 3:22 p.m., 1 view

CVE-2025-61668

Volto is a ReactJS-based frontend for the Plone Content Management System. In versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...

CVSS 8.7 | AI score 6.6 | EPSS 0.00105
Exploits: 0 | References: 1
Veracode
added 2025/09/25 7:19 a.m., 3 views

Denial Of Service (DoS)

@plone/volto is vulnerable to Denial of Service (DoS). The vulnerability is due to improper handling of specific URL requests, which allows an attacker to crash the NodeJS server component and cause downtime...

CVSS 7.5 | AI score 6.7 | EPSS 0.00171
Exploits: 0 | References: 8 | Affected Software: 1
Huntr
added 2024/10/25 8:24 a.m., 3 views

unhandled exception caused server crash

Description: In the JavaScript Express framework, if an async router handler throws an exception, the whole server will crash. In librechat, some APIs, when dealing with some malformed input, will have an uncaught exception. This will lead to a server crash, thus a full denial of service. Mind that although thi...

CVSS 6.5 | AI score 6.8 | EPSS 0.00472
Exploits: 1
SUSE CVE
added 2024/02/17 3:21 a.m., 2 views

SUSE CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

CVSS 7.5 | AI score 8 | EPSS 0.0038
Exploits: 0 | References: 11
SUSE CVE
added 2023/09/19 11:24 p.m., 1 view

SUSE CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be...

CVSS 8.8 | AI score 8.4 | EPSS 0.21677
Exploits: 0 | References: 8
OSSF Malicious Packages
added 2022/06/20 8:24 p.m., 3 views

Malicious code in nodejs_net_server (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c38544243e809d4f6d82a87abad44436a676a9ffc748c974ec1657ce0c99360a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 2
CNVD
added 2019/01/08 12:00 a.m., 3 views

Apache Thrift Node.js static web server access control error vulnerability

Apache Thrift is a framework for cross-platform development from the Apache Software Foundation (United States). Node.js static web server is one of its static web servers. An access control error vulnerability exists in the Apache Thrift Node.js static web server versions 0.9.2 through 0.11....

CVSS 6.5 | AI score 8.8 | EPSS 0.00402
Exploits: 0 | References: 1
CNVD
added 2018/06/15 12:00 a.m., 3 views

Augustine Path Traversal Vulnerability

augustine is a static HTTP server used in Node.js. A path traversal vulnerability exists in augustine, which stems from the program's lack of URL validation. The vulnerability can be exploited by sending a specially crafted GET request to read the contents of an arbitrary file with a known path...

CVSS 6.5 | AI score 6.5 | EPSS 0.00489
Exploits: 1 | References: 1
securityvulns
added 2001/07/03 12:00 a.m., 49 views

JavaScript execution in the server context

JavaScript can be inserted into a URL in such a way that it is executed in the context of the server...

AI score 0.4
Exploits: 0 | References: 2 | Affected Software: 5