EUVD-2021-0559

Malware in sbrugna...

EUVD-2025-13263

Malicious code in bioql PyPI...

The vulnerability of the Node-RED visual programming tool’s server on the Pilz IndustrialPI operating system allows a perpetrator to execute arbitrary commands.

The vulnerability of the Node-RED visual programming tool on the Pilz IndustrialPI industrial computer server is related to the absence of default authentication settings. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

PT-2025-27509 · Node Red · Node-Red

Name of the Vulnerable Software and Affected Versions: Node RED affected versions not specified Description: An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node RED server is not configured by default...

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...

The vulnerability of the nodered function of the D-Link G416 router’s HTTP microprogramming system allows a hacker to execute arbitrary code.

The vulnerability of the nodered function of the D-Link G416 router’s HTTP microprogramming system is related to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by...

Node-RED Unauthorized Remote Command Execution Vulnerability

Node-RED is a tool for building Internet of Things IOT applications that focuses on simplifying the "connectivity" of code blocks to perform tasks. Node-RED is vulnerable to unauthorized remote command execution. Since the Node-RED application does not enforce any type of authentication,...