CVE-2023-26045
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
Path traversal
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
CVE-2023-26045 NodeBB vulnerable to path traversal and code execution via prototype vulnerability
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
CVE-2023-26045 NodeBB vulnerable to path traversal and code execution via prototype vulnerability
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
CVE-2023-26045 NodeBB vulnerable to path traversal and code execution via prototype vulnerability
NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to...
CVE-2023-26045
CVE-2023-26045 affects NodeBB up to 2.8.7, where a path traversal in the user export path (due to object destructuring) could be triggered by a specially crafted payload to arbitrarily execute local JavaScript. Affected range: 2.5.0 through
NodeBB path traversal vulnerability
NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A path traversal vulnerability exists in NodeBB versions 2.5.0 to 2.8.7, which is caused by the use of object destructuring assignment syntax in t...
PT-2023-4083 · Nodebb · Nodebb
Name of the Vulnerable Software and Affected Versions: NodeBB versions 2.5.0 through 2.8.7
Description: The issue arises due to the use of object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability. This allows a specially crafted payload to...
MAL-2023-634 Malicious code in nodebb-plugin-sso-auto-login (npm)
Source: ghsa-malware bf3ab1b77199e67562a75d535a0d6c88f5d8d4c76b8df6d226e9528b0e050006 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in nodebb-plugin-sso-auto-login (npm)
Source: ghsa-malware bf3ab1b77199e67562a75d535a0d6c88f5d8d4c76b8df6d226e9528b0e050006 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Prototype Pollution
nodebb is vulnerable to prototype pollution. An attacker can inject properties into existing construct prototypes via the Namespaces attribute in the index.js and modify attributes such as __proto__, constructor, and prototype...
GHSA-RF3G-V8P5-P675 NodeBB vulnerable to account takeover via prototype vulnerability
Impact: Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. Patches: Patched in 2.6.1. Workarounds: Site maintainers can cherry-pick...
NodeBB vulnerable to account takeover via prototype vulnerability
Impact: Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. Patches: Patched in 2.6.1. Workarounds: Site maintainers can cherry-pick...
CVE-2022-46164
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
Code injection
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
CVE-2022-46164 Account takeover via prototype vulnerability
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
CVE-2022-46164
NodeBB vulnerability CVE-2022-46164 arises from using a plain object with a prototype in socket.io message handling, enabling impersonation and account takeover. Affected software: NodeBB (Node.js-based forum software) prior to version 2.6.1. Root cause: prototype pollution in message handling al...
CVE-2022-46164 Account takeover via prototype vulnerability
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
CVE-2022-46164 Account takeover via prototype vulnerability
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
NodeBB security vulnerability
NodeBB is a forum system from the Design Create Play team built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability exists in NodeBB versions prior to 2.6.1, which stems from the use of plain objects with prototypes in socket.io messag...