7911 matches found
CVE-2025-23090
...
CVE-2025-23089
...
CVE-2025-23083
CVE-2025-23083 affects Node.js v20/v22/v23 (with the diagnostics_channel utility) by allowing an attacker to hook into worker thread creation and access internal worker instances, including constructor retrieval, enabling malicious reuse. This is a local-access issue with high impact on confident...
ID withdrawn
Node.js is an open source, cross-platform JavaScript runtime environment from Node.js Open Source. This CVE number has been withdrawn...
PT-2025-4820 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions 20, 22, and 23 Description: The issue allows attackers to misuse the diagnostics channel utility, accessing internal worker threads for malicious purposes. This is not limited to workers but also exposes internal workers, whe...
ID withdrawn
Node.js is an open source, cross-platform JavaScript runtime environment from Node.js Open Source. This CVE number has been withdrawn...
Node.js security vulnerability
Node.js is an open source, cross-platform JavaScript runtime environment from the Node.js open source project. A security vulnerability exists in Node.js versions 20, 22, and 23 that stems from the diagnostics_channel tool that can hook a worker thread to create an event, allowing an attacker to obtain an...
PT-2025-4819 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the latest supported version Description: The issue concerns the use of End-of-Life (EOL) versions of Node.js, which are no longer supported and do not receive updates, including security patches. This may expose syste...
ID withdrawn
Node.js is an open source, cross-platform JavaScript runtime environment from Node.js Open Source. This CVE number has been withdrawn...
PT-2025-4814 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special ...
PT-2025-4813 · Node.Js +7 · Node.Js +7
Name of the Vulnerable Software and Affected Versions: Node.js versions v20, v22, and v23 Description: The diagnostics channel utility allows an event to be hooked into whenever a worker thread is created, exposing not only workers but also internal workers. This enables malicious actors to fetch...
Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).
The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A memory leak could occur when a remote peer abruptly closes the...
Tuesday, January 21, 2025 Security Releases
Tuesday, January 21, 2025 Security Releases Security releases available Updates are now available for the 23.x, 22.x, 20.x, 18.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public vulnerabilities: undici v7.2.3, v6.21....
PT-2025-4817 · Node.Js · Node.Js
The issue affects Node.js, specifically all end-of-life versions up to v17.9.1, which no longer receive support or updates, including security patches. This can expose systems to potential security risks due to unaddressed software vulnerabilities or dependencies. The vulnerable versions of Node....
PT-2025-4818 · Node.Js · Node.Js
The affected software is Node.js, specifically all End-of-Life (EOL) versions that are no longer supported and do not receive updates, including security patches. These versions may expose systems to potential security risks due to unaddressed software issues or dependencies, such as the use of...
CVE-2024-52006
A flaw was found in Git. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems, most notably .NET and node.js, interpret single Carriage Return characters as newlines, which render the protections against CVE-2020-5260...
CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket...
Fortinet Fortigate Authentication bypass in Node.js websocket module and CSF requests (FG-IR-24-535)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the FG-IR-24-535 advisory. - An Authentication Bypass Using an Alternate Path or Channel vulnerability CWE-288 affecting FortiOS 7.0.0 through...
PT-2025-1051
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.0.0 through 7.0.16; FortiProxy versions 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 Description: An authentication bypass vulnerability in FortiOS and FortiProxy allows a remote attacker to gain super-admin privileges via...