
7910 matches found

RedhatCVE
added 2025/05/23 4:39 a.m., 5 views

CVE-2023-26128

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have...

8.4 CVSS, 7.5 AI score, 0.00182 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 4:22 a.m., 7 views

CVE-2023-42955

Claris International has successfully resolved an issue of potentially exposing password information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by eliminating the send of Admin Role passwords in the...

6.1 CVSS, 6.8 AI score, 0.00188 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 4:8 a.m., 6 views

CVE-2023-38504

Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the sails.io.js client...

7.5 CVSS, 6.7 AI score, 0.003 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 3:32 a.m., 6 views

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information Disclosure...

7.5 CVSS, 6.8 AI score, 0.01075 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2025/05/23 3:32 a.m., 4 views

CVE-2023-27562

The n8n package 0.218.0 for Node.js allows Directory Traversal...

6.5 CVSS, 6.9 AI score, 0.00916 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 3:32 a.m., 8 views

CVE-2023-27563

The n8n package 0.218.0 for Node.js allows Escalation of Privileges...

8.8 CVSS, 6.9 AI score, 0.00502 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 2:21 a.m., 9 views

CVE-2023-38690

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0....

9.8 CVSS, 7.1 AI score, 0.00179 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 12:42 a.m., 4 views

CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...

7.3 CVSS, 6.7 AI score, 0.08112 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 12:30 a.m., 5 views

CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

6.1 CVSS, 6.8 AI score, 0.00441 EPSS
Exploits: 0, References: 1

OpenVAS
added 2025/05/23 12:0 a.m., 11 views

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Windows

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodejs:node.js";...

6.5 CVSS, 6.6 AI score, 0.00096 EPSS
Exploits: 1, References: 2

OpenVAS
added 2025/05/23 12:0 a.m., 7 views

Node.js < 20.19.2, 21.x < 22.15.1, 23.x < 23.11.1, 24.x < 24.0.2 DoS Vulnerability - Mac OS X

Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodejs:node.js";...

7.5 CVSS, 7.4 AI score, 0.00304 EPSS
Exploits: 0, References: 2

OpenVAS
added 2025/05/23 12:0 a.m., 4 views

Node.js < 20.19.2, 21.x < 22.15.1, 23.x < 23.11.1, 24.x < 24.0.2 DoS Vulnerability - Windows

Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodejs:node.js";...

7.5 CVSS, 7.1 AI score, 0.00304 EPSS
Exploits: 0, References: 2

OpenVAS
added 2025/05/23 12:0 a.m., 7 views

Node.js < 20.19.2, 21.x < 22.15.1 DoS Vulnerability - Mac OS X

Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodejs:node.js";...

3.7 CVSS, 5.2 AI score, 0.0056 EPSS
Exploits: 0, References: 2

OpenVAS
added 2025/05/23 12:0 a.m., 6 views

Node.js < 20.19.2, 22.x < 22.15.1 DoS Vulnerability - Windows

Node.js is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodejs:node.js";...

3.7 CVSS, 5.7 AI score, 0.0056 EPSS
Exploits: 0, References: 2

OpenVAS
added 2025/05/23 12:0 a.m., 11 views

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Mac OS X

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:nodejs:node.js";...

6.5 CVSS, 6.7 AI score, 0.00096 EPSS
Exploits: 1, References: 2

RedhatCVE
added 2025/05/22 11:10 p.m., 3 views

CVE-2022-36046

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

5.3 CVSS, 6.7 AI score, 0.00436 EPSS
Exploits: 0

RedhatCVE
added 2025/05/22 10:44 p.m., 4 views

CVE-2022-29080

The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value...

9.8 CVSS, 7.3 AI score, 0.02264 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:12 p.m., 6 views

CVE-2022-29256

sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at npm install time when installing versions of sharp prior to the latest v0.30.5. If an attacker has the ability to set the value of the PKG_CONFIG_PATH...

6.7 CVSS, 6.7 AI score, 0.00164 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:5 p.m., 5 views

CVE-2022-39266

isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7...

9.8 CVSS, 7.4 AI score, 0.00272 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 9:31 p.m., 7 views

CVE-2021-21414

Prisma is an open source ORM for Node.js & TypeScript. As of today, we are not aware of any Prisma users or external consumers of the @prisma/sdk package who are affected by this security vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable...

7.7 CVSS, 7.7 AI score, 0.02499 EPSS
Exploits: 0, References: 1