253 matches found
Malicious code in node-red-contrib-ys7 (npm)
The package node-red-contrib-ys7 was found to contain malicious code...
Malicious code in @zalastax/nolb-node-red-contrib-c (npm)
The package @zalastax/nolb-node-red-contrib-c was found to contain malicious code...
Malicious code in node-red-contrib-storfly-iot-vtview (npm)
The package node-red-contrib-storfly-iot-vtview was found to contain malicious code...
Malicious code in @zalastax/nolb-node-red-contrib-a (npm)
The package @zalastax/nolb-node-red-contrib-a was found to contain malicious code...
Malicious code in node-red-contrib-storfly-iot-hp (npm)
The package node-red-contrib-storfly-iot-hp was found to contain malicious code...
MAL-2025-12654 Malicious code in @zalastax/nolb-node-red-cl (npm)
The package @zalastax/nolb-node-red-cl was found to contain malicious code...
MAL-2025-27645 Malicious code in node-red-contrib-objstore (npm)
The package node-red-contrib-objstore was found to contain malicious code...
MAL-2025-12652 Malicious code in @zalastax/nolb-node-red-ch (npm)
The package @zalastax/nolb-node-red-ch was found to contain malicious code...
MAL-2025-12657 Malicious code in @zalastax/nolb-node-red-com (npm)
The package @zalastax/nolb-node-red-com was found to contain malicious code...
MAL-2025-27646 Malicious code in node-red-contrib-storfly-iot-hp (npm)
The package node-red-contrib-storfly-iot-hp was found to contain malicious code...
MAL-2025-12668 Malicious code in @zalastax/nolb-node-red-contrib-b (npm)
The package @zalastax/nolb-node-red-contrib-b was found to contain malicious code...
MAL-2025-12653 Malicious code in @zalastax/nolb-node-red-ci (npm)
The package @zalastax/nolb-node-red-ci was found to contain malicious code...
MAL-2025-12671 Malicious code in @zalastax/nolb-node-red-contrib-e (npm)
The package @zalastax/nolb-node-red-contrib-e was found to contain malicious code...
MAL-2025-12664 Malicious code in @zalastax/nolb-node-red-contrib-2 (npm)
The package @zalastax/nolb-node-red-contrib-2 was found to contain malicious code...
MAL-2025-12674 Malicious code in @zalastax/nolb-node-red-contrib-h (npm)
The package @zalastax/nolb-node-red-contrib-h was found to contain malicious code...
MAL-2025-27641 Malicious code in node-red-contrib-flows_splitter (npm)
The package node-red-contrib-flowssplitter was found to contain malicious code...
MAL-2025-12679 Malicious code in @zalastax/nolb-node-red-s (npm)
The package @zalastax/nolb-node-red-s was found to contain malicious code...
CVE-2025-41656 Pilz: Missing Authentication in Node-RED integration
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the NodeRED server is not configured by default...
CVE-2025-41656
CVE-2025-41656 concerns the Pilz IndustrialPI Node-RED integration, where the authentication for the Node-RED server is not configured by default. This allows an unauthenticated remote attacker to execute arbitrary commands with high privileges on affected devices. The CVSS 3.1 base score is 10.0...
CVE-2025-41656 Pilz: Missing Authentication in Node-RED integration
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the NodeRED server is not configured by default...