7911 matches found

OSV
added 2025/05/19 2:15 a.m. · 0 views

UBUNTU-CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

3.7 CVSS · 7.1 AI score · 0.0056 EPSS
Exploits: 0 · References: 4
Cvelist
added 2025/05/19 1:25 a.m. · 14 views

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

6.5 CVSS · 0.00096 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/05/19 1:25 a.m. · 13 views

CVE-2025-23122

...

Exploits: 0
Vulnrichment
added 2025/05/19 1:25 a.m. · 7 views

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

6.5 CVSS · 6.4 AI score · 0.00096 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2025/05/19 1:25 a.m. · 4 views

CVE-2025-23122

...

4.3 AI score
Exploits: 0
AlpineLinux
added 2025/05/19 1:25 a.m. · 4 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5 CVSS · 6.8 AI score · 0.00304 EPSS
Exploits: 0
CVE
added 2025/05/19 1:25 a.m. · 99 views

CVE-2025-23167

This CVE affects Node.js 20.x where the HTTP parser may terminate headers incorrectly (\r\n\rX instead of \r\n\r\n), enabling request smuggling and bypassing proxy-based access controls. Root cause: improper header termination in llhttp prior to version 9. The issue is resolved by upgrading llhtt...

6.5 CVSS · 6.7 AI score · 0.00096 EPSS
Exploits: 1 · References: 1
CVE
added 2025/05/19 1:25 a.m. · 31 views

CVE-2025-23122

CVE-2025-23122 is a duplicate entry of CVE-2025-23165 and is not an active vulnerability on its own. Connected sources provide concrete details for CVE-2025-23165: in Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file when a UTF-16 path buffer is ov...

7.2 AI score
Exploits: 0
CVE
added 2025/05/19 1:25 a.m. · 113 views

CVE-2025-23166

The CVE-2025-23166 issue affects Node.js and stems from SignTraits::DeriveBits() potentially calling ThrowException() with user-controlled inputs when run in a background thread, leading to a crash of the Node.js runtime. Public advisories in the Connected documents confirm affected packages (e.g...

7.5 CVSS · 6.8 AI score · 0.00304 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/19 1:25 a.m. · 6 views

CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

3.7 CVSS · 4.2 AI score · 0.0056 EPSS
Exploits: 0 · References: 1
AlpineLinux
added 2025/05/19 1:25 a.m. · 3 views

CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

3.7 CVSS · 6.9 AI score · 0.0056 EPSS
Exploits: 0
Cvelist
added 2025/05/19 1:25 a.m. · 21 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5 CVSS · 0.00304 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/05/19 1:25 a.m. · 23 views

CVE-2025-23165

In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor is set. This results in an unrecoverable memory leak on every call. Repeated use can cause unbounded memory...

3.7 CVSS · 0.0056 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/19 1:25 a.m. · 3 views

CVE-2025-23166

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary...

7.5 CVSS · 7.5 AI score · 0.00304 EPSS
Exploits: 0 · References: 1
CVE
added 2025/05/19 1:25 a.m. · 126 views

CVE-2025-23165

CVE-2025-23165 affects Node.js ReadFileUtf8, where a corrupted pointer in uv_fs_s.file leaks memory: a UTF-16 path buffer is allocated but overwritten when the file descriptor is set, causing an unrecoverable memory leak on every call. Repeated usage can lead to unbounded memory growth and denial...

3.7 CVSS · 7 AI score · 0.0056 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/05/19 12:0 a.m. · 1 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js version 20.x that stems from the HTTP parser improperly terminating the HTTP/1 header, which could lead to a request entrapment attack...

6.5 CVSS · 6.9 AI score · 0.00096 EPSS
Exploits: 1 · References: 2
CNNVD
added 2025/05/19 12:0 a.m. · 0 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment open-sourced by Node.js. A security vulnerability exists in Node.js that stems from an incorrect call to ThrowException by the SignTraits::DeriveBits method in a background thread, which could lead to a process crash...

7.5 CVSS · 7.7 AI score · 0.00304 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2025/05/19 12:0 a.m. · 3 views

PT-2025-21873 · Node.Js · Node.Js

Name of the Vulnerable Software and Affected Versions: Node.js versions v20 and v22
Description: The issue is related to a memory leak in the ReadFileUtf8 internal binding of Node.js, caused by a corrupted pointer in uv_fs_s.file. This occurs when a UTF-16 path buffer is allocated but then...

3.7 CVSS · 4.1 AI score
Exploits: 0 · References: 7
CNNVD
added 2025/05/19 12:0 a.m. · 1 views

Node.js security vulnerability

Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source. A security vulnerability exists in Node.js versions v20 and v22, which stems from a memory leak in the ReadFileUtf8 internal bindings that could lead to a denial of service...

3.7 CVSS · 6 AI score · 0.0056 EPSS
Exploits: 0 · References: 2
CNNVD
added 2025/05/19 12:0 a.m. · 1 views

Number withdrawn

Node.js is an open source, cross-platform JavaScript runtime environment from Node.js Open Source. This CVE number has been withdrawn...

4.7 AI score
Exploits: 0 · References: 1