256 matches found

CVE
added 2025/07/01 8:10 a.m. · 46 views

CVE-2025-41656

CVE-2025-41656 concerns the Pilz IndustrialPI Node-RED integration, where the authentication for the Node-RED server is not configured by default. This allows an unauthenticated remote attacker to execute arbitrary commands with high privileges on affected devices. The CVSS 3.1 base score is 10.0...

CVSS 10 · AI score 8.1 · EPSS 0.00538
Exploits 0 · References 1
CNNVD
added 2025/07/01 12:00 a.m. · 5 views

Pilz IndustrialPI Access Control Error Vulnerability

Pilz IndustrialPI is a gateway for the Industrial Internet of Things from Pilz Individual Developers in Germany. An access control error vulnerability exists in Pilz IndustrialPI that stems from the default unconfigured NodeRED server authentication leading to command execution...

CVSS 10 · AI score 7.2 · EPSS 0.00538
Exploits 0 · References 2
Positive Technologies
added 2025/06/27 12:00 a.m. · 4 views

PT-2025-27509 · Node Red · Node-Red

Name of the Vulnerable Software and Affected Versions: Node RED affected versions not specified Description: An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node RED server is not configured by default...

CVSS 10 · AI score 7.9 · EPSS 0.00538
Exploits 0 · References 11
RedhatCVE
added 2025/05/23 1:20 a.m. · 11 views

CVE-2022-3783

A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component uitext Format Handler. The manipulation leads to cross site scripting. The attack may be...

CVSS 6.1 · AI score 6.2 · EPSS 0.00315
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 9:29 p.m. · 3 views

CVE-2021-3223

Node-RED-Dashboard before 2.26.2 allows uibase/js/..%2f directory traversal to read files...

CVSS 7.5 · AI score 6.6 · EPSS 0.91547
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 6:18 p.m. · 8 views

CVE-2021-21297

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the potential to affect the default...

CVSS 7.7 · AI score 6.7 · EPSS 0.0023
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 6:18 p.m. · 9 views

CVE-2021-21298

Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and earlier has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with projects.read permission is able to access any file via t...

CVSS 6.5 · AI score 6.8 · EPSS 0.00365
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 6:09 p.m. · 4 views

CVE-2021-25864

node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file...

CVSS 7.5 · AI score 6.8 · EPSS 0.56956
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 10:21 a.m. · 9 views

CVE-2019-15607

A stored XSS vulnerability is present within node-red version: = 0.20.7 npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc...

CVSS 5.4 · AI score 5.8 · EPSS 0.00197
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 7:50 a.m. · 17 views

CVE-2019-10756

It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the uinotification node accepting raw HTML by default...

CVSS 5.4 · AI score 6.6 · EPSS 0.00206
Exploits 1 · References 1
vulnersOsv
added 2025/05/13 6:30 p.m. · 4 views

@dfeidao/fd-w000005 (>=4.6.201905201058 <=4.6.201907081013), @dfeidao/widgets (>=4.5.201903181201 <=4.6.201905131523) +16 more potentially affected by CVE-2025-47204 via bootstrap-multiselect (>=0.9.13-1 <=1.1.2)

bootstrap-multiselect NPM version =0.9.13-1, =4.6.201905201058, =4.5.201903181201, =1.0.0, =3.0.201812052008, =1.0.0, =2.0.0, =0.1.0, =0.0.3, =1.0.7-1, =1.1.4, =1.2.1, =1.2.2, =0.0.2, =1.0.0 and more Source cves: CVE-2025-47204 Source advisory: OSV:GHSA-GV5R-9GXR-V74W...

CVSS 6.1 · AI score 5.8 · EPSS 0.01436
Exploits 0
RedhatCVE
added 2025/05/03 7:12 p.m. · 17 views

CVE-2025-24522

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...

CVSS 10 · AI score 8 · EPSS 0.00297
Exploits 0 · References 1
NVD
added 2025/05/01 7:15 p.m. · 11 views

CVE-2025-24522

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...

CVSS 10 · EPSS 0.00297
Exploits 0 · References 2
Vulnrichment
added 2025/05/01 6:37 p.m. · 15 views

CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...

CVSS 10 · AI score 9.8 · EPSS 0.00297
Exploits 0 · References 2
Cvelist
added 2025/05/01 6:37 p.m. · 22 views

CVE-2025-24522 KUNBUS Revolution Pi Authentication Bypass by Primary Weakness

KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server where they can run arbitrary commands on the underlying operating system...

CVSS 10 · EPSS 0.00297
Exploits 0 · References 2
CVE
added 2025/05/01 6:37 p.m. · 59 views

CVE-2025-24522

CVE-2025-24522 affects KUNBUS Revolution Pi OS Bookworm 01/2025 where Node-RED authentication is not configured by default. An unauthenticated remote attacker can gain full access to the Node-RED server and execute arbitrary OS commands (impacting PLC control). Connected sources describe the root...

CVSS 10 · AI score 9.9 · EPSS 0.00297
Exploits 0 · References 2
CNNVD
added 2025/05/01 12:00 a.m. · 1 views

KUNBUS Revolution Pi OS Bookworm Security Vulnerability

KUNBUS Revolution Pi OS Bookworm is an industrial-grade real-time operating system based on Debian Bookworm from KUNBUS. A security vulnerability exists in KUNBUS Revolution Pi OS Bookworm 01/2025 that stems from the Node-RED server not being configured for authentication by default, which could...

CVSS 10 · AI score 9.4 · EPSS 0.00297
Exploits 0 · References 2
Positive Technologies
added 2025/05/01 12:00 a.m. · 6 views

PT-2025-18781 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: Intel® Tiber™ Edge Platform Edge Orchestrator versions prior to 24.11.1 Description: A protection mechanism failure exists in some Edge Orchestrator software. An authenticated user may be able to enable a denial of service via adjacent acces...

CVSS 5.1 · AI score 8.9 · EPSS 0.00098
Exploits 0 · References 4
Positive Technologies
added 2025/05/01 12:00 a.m. · 4 views

PT-2025-18782 · Undefined · Undefined

@CISAgov 2/8 🏭 Revolution Pi vulnerability details: The industrial IoT platform has THREE critical flaws CVE-2025-24522, CVE-2025-24523, CVE-2025-24524 with CVSS scores up to 10.0! These affect Node-RED and PiCtory components widely used in manufacturing, energy, and water sectors...

CVSS 10 · AI score 9.4 · EPSS 0.00297
Exploits 0 · References 3
Positive Technologies
added 2025/05/01 12:00 a.m. · 2 views

PT-2025-18691 · Kunbus +1 · Kunbus Revolution Pi Os +1

Name of the Vulnerable Software and Affected Versions: KUNBUS Revolution Pi OS Bookworm 01/2025 Description: The issue arises because authentication is not configured by default for the Node-RED server. This can give an unauthenticated remote attacker full access to the Node-RED server, where the...

CVSS 10 · AI score 9.8 · EPSS 0.00297
Exploits 0 · References 13