EUVD-2021-0559

Malware in sbrugna...

EUVD-2025-13263

Malicious code in bioql PyPI...

PT-2025-27509 · Node Red · Node-Red

Name of the Vulnerable Software and Affected Versions: Node RED affected versions not specified Description: An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node RED server is not configured by default...

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...

Node-RED Unauthorized Remote Command Execution Vulnerability

Node-RED is a tool for building Internet of Things IOT applications that focuses on simplifying the "connectivity" of code blocks to perform tasks. Node-RED is vulnerable to unauthorized remote command execution. Since the Node-RED application does not enforce any type of authentication,...