
7912 matches found

CNNVD
added 2024/07/10 12:0 a.m., 2 views

Node.js Security Vulnerabilities

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js that stems from an inadequate permissions model, which allows an attacker to retrieve statistical information from files that do not have explicit read permissions...

2.9 CVSS, 6.5 AI score, 0.00217 EPSS
Exploits: 0, References: 4

IBM Security Bulletins
added 2024/07/09 7:56 p.m., 28 views

Security Bulletin: Vulnerabilities in Node.js and packages affect IBM Voice Gateway

Summary: Security vulnerabilities in node.js package affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2024-37890. DESCRIPTION: Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially...

7.5 CVSS, 7.8 AI score, 0.00541 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2024/07/09 5:3 p.m., 63 views

Security Bulletin: IBM QRadar Wincollect is using components with known vulnerabilities

Summary: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities with updates. Vulnerability Details: CVEID: CVE-2024-4067. DESCRIPTION: Node.js micromatch module is vulnerable to a denial of service, caused by a regular...

8.6 CVSS, 8.8 AI score, 0.08833 EPSS
Exploits: 6, Affected Software: 1

IBM Security Bulletins
added 2024/07/09 2:38 p.m., 22 views

Security Bulletin: IBM DataPower Gateway vulnerable to HTTP request smuggling in Node.js (CVE-2024-27982)

Summary: Node.js is used by IBM DataPower Gateway in the Gateway Director and UI components. Vulnerability Details: CVEID: CVE-2024-27982. DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By sending specially crafted HTT...

6.5 CVSS, 5.7 AI score, 0.00529 EPSS
Exploits: 0, Affected Software: 1

GitHub Security Blog
added 2024/07/09 1:32 p.m., 27 views

Undici vulnerable to data leak when using response.arrayBuffer()

Impact: Depending on network and process conditions of a fetch request, response.arrayBuffer might include a portion of memory from the Node.js process. Patches: This has been patched in v6.19.2. Workarounds: There are no known workarounds. References: https://github.com/nodejs/undici/issues/3337...

2 CVSS, 6.8 AI score, 0.00355 EPSS
Exploits: 0, References: 7, Affected Software: 1

Snyk
added 2024/07/09 10:19 a.m., 2 views

Improper Handling of Values

Overview: Affected versions of this package are vulnerable to Improper Handling of Values. This is because the Permission Model assumes wrongly that any path starting with two backslashes \\ has a four-character prefix that can be ignored. Note: This vulnerability affects only Windows users of the...

4.2 CVSS, 8.9 AI score, 0.00066 EPSS
Exploits: 0, References: 2

Snyk
added 2024/07/09 9:45 a.m., 0 views

Access Restriction Bypass

Overview: Affected versions of this package are vulnerable to Access Restriction Bypass by embedding non-network imports in data URLs. Exploiting this vulnerability allows an attacker to execute arbitrary code, compromising system security. Remediation: Upgrade nodejs to version 20.16.0 or higher...

6.9 CVSS, 7.5 AI score, 0.00133 EPSS
Exploits: 0, References: 2

Veracode
added 2024/07/09 5:51 a.m., 11 views

Memory Disclosure

Undici is vulnerable to Memory Leakage. The vulnerability is due to the response.arrayBuffer method, which potentially allows an attacker to expose sensitive portions of memory from the Node.js process depending on the network and process conditions...

2 CVSS, 6.9 AI score, 0.00355 EPSS
Exploits: 0, References: 6, Affected Software: 1

RedhatCVE
added 2024/07/09 5:9 a.m., 24 views

CVE-2024-22020

A flaw was found in the Node.js package. By embedding non-network imports in data URLs, this flaw allows an attacker to execute arbitrary code, compromising system security. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...

6.5 CVSS, 6.8 AI score, 0.00133 EPSS
Exploits: 0, References: 4

HackerOne
added 2024/07/09 2:34 a.m., 5 views

Internet Bug Bounty: fs.fchown/fchmod bypasses permission model

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The vulnerability allows operations such as fs.fchown or fs.fchmod to bypass the permission model by using a "read-only" file descriptor to change the owner...

3.3 CVSS, 3.7 AI score, 0.00126 EPSS
Exploits: 0

NVD
added 2024/07/09 2:15 a.m., 31 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5 CVSS, 0.00133 EPSS
Exploits: 0, References: 4

Chainguard
added 2024/07/09 2:15 a.m., 5 views

CVE-2024-22020 vulnerabilities

Vulnerabilities for packages: nodejs, kibana...

6.5 CVSS, 6.7 AI score, 0.00133 EPSS
Exploits: 0

OSV
added 2024/07/09 2:15 a.m., 16 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

7.2 AI score
Exploits: 0, References: 4

OSV
added 2024/07/09 2:15 a.m., 0 views

DEBIAN-CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5 CVSS, 7.2 AI score, 0.00133 EPSS
Exploits: 0, References: 1

OSV
added 2024/07/09 2:15 a.m., 1 views

ALPINE-CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5 CVSS, 7.3 AI score, 0.00133 EPSS
Exploits: 0, References: 1

UbuntuCve
added 2024/07/09 2:15 a.m., 39 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5 CVSS, 6.8 AI score, 0.00133 EPSS
Exploits: 0, References: 7

OSV
added 2024/07/09 2:15 a.m., 0 views

UBUNTU-CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5 CVSS, 7.1 AI score, 0.00133 EPSS
Exploits: 0, References: 8

Debian CVE
added 2024/07/09 1:7 a.m., 38 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5 CVSS, 7.2 AI score, 0.00133 EPSS
Exploits: 0

AlpineLinux
added 2024/07/09 1:7 a.m., 22 views

CVE-2024-22020

A security flaw in Node.js allows a bypass of network import restrictions. By embedding non-network imports in data URLs, an attacker can execute arbitrary code, compromising system security. Verified on various platforms, the vulnerability is mitigated by forbidding data URLs in network imports...

6.5 CVSS, 7.3 AI score, 0.00133 EPSS
Exploits: 0

CVE
added 2024/07/09 1:7 a.m., 321 views

CVE-2024-22020

CVE-2024-22020 (Node.js) is a real vulnerability affecting Node.js where an attacker can bypass network import restrictions by embedding non-network imports in data URLs, enabling arbitrary code execution. The issue is documented across multiple advisories (e.g., Debian DSA, CBLMariner, AlmaLinux...

6.5 CVSS, 6.7 AI score, 0.00133 EPSS
Exploits: 0, References: 4