CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7863 matches found

IBM Security Bulletins•added 2025/10/24 8:59 a.m.•8 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935.

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses multer-1.4.5-lts.2.tgz which is vulnerable to CVE-2025-47935. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-47935 DESCRIPTION: Multer is a node.js...

7.5CVSS6.8AI score0.00177EPSS

Exploits0Affected Software1

GithubExploit•added 2025/10/20 5:17 p.m.•140 views

test-reflected-xss-nodejs

It is an offensive tool for web application security testing. Th...

6.5AI score

Exploits0

Hacker One•added 2025/10/19 2:58 p.m.•6 views

Node.js: fs.futimes() Bypasses Read-Only Permission Model

A flaw in Node.js's permission model was discovered that allowed a file's access and modification timestamps to be changed via futimes even when the process had only read permissions. Unlike utimes, futimes did not apply the expected write-permission checks, which meant file metadata could be...

5.3CVSS6.6AI score0.00012EPSS

Exploits0

The Hacker News•added 2025/10/10 2:25 p.m.•2 views

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application SEA feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source...

7.3AI score

Exploits0

Github Security Blog•added 2025/10/08 7:34 p.m.•9 views

FlowiseAI/Flosise has File Upload vulnerability

Summary A file upload vulnerability in FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution RCE. Details The system fails to...

8.8CVSS7.7AI score0.00361EPSS

Exploits2References11Affected Software1