EUVD-2026-25166

Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in authenticated mode with default configuration...

CVE-2025-61668

Volto is a ReactJS-based frontend for the Plone Content Management System. Versions 16.34.0 and below, 17.0.0 through 17.22.1, 18.0.0 through 18.27.1, and 19.0.0-alpha.1 through 19.0.0-alpha.5, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a...

SUSE CVE-2024-22019

A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service DoS. The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk...

Apache Thrift Node.js static web server access control error vulnerability

Apache Thrift is the United States Apache Apache Software Foundation for cross-platform development of a framework . Node.js static web server is one of the static web server . An access control error vulnerability exists in the Apache Thrift Node.js static web server versions 0.9.2 through 0.11....

Augustine Path Traversal Vulnerability

augustine is a static HTTP server used in Node.js. A path traversal vulnerability exists in augustine, which stems from the program's lack of url validation. The vulnerability can be exploited by sending a specially crafted GET request to read the contents of an arbitrary file with a known path...