31 matches found

Cvelist
added 2026/06/10 9:9 p.m., 28 views

CVE-2026-45783 libp2p: Unvalidated PUT_VALUE records allow unbounded disk exhaustion on DHT server nodes

libp2p is a JavaScript implementation of the libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUT_VALUE messages whose keys bypass all content validation. N...

7.5 CVSS, 0.00354 EPSS
Exploits 0, References 1

VulnCheck KEV
added 2026/04/05 12:0 a.m., 9 views

VulnCheck KEV: CVE-2025-59528

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...

10 CVSS, 6.1 AI score, 0.90183 EPSS
In wild, Exploits 21, References 12

EUVD
added 2025/11/12 4:29 a.m., 2 views

EUVD-2025-116725

Malicious code in andromeda-enceladus-prettier-stylelint-server npm...

6.6 AI score
Exploits 0

EUVD
added 2025/11/12 4:29 a.m., 3 views

EUVD-2025-115796

Malicious code in callback-request-server-node-config npm...

6.6 AI score
Exploits 0

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-0616

Malicious code in bioql PyPI...

9.8 CVSS, 9.3 AI score, 0.01704 EPSS
Exploits 1, References 3

Tenable Nessus
added 2025/09/10 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-23797

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is. CVE-2021-23797 Note that Nessus relies on the presence o...

9.8 CVSS, 7.3 AI score, 0.01704 EPSS
Exploits 1, References 2

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-38546 Malicious code in voice-quickstart-server-node (npm)

The package voice-quickstart-server-node was found to contain malicious code...

7.2 AI score
Exploits 0

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 4 views

Malicious code in voice-quickstart-server-node (npm)

The package voice-quickstart-server-node was found to contain malicious code...

7 AI score
Exploits 0

The Hacker News
added 2024/06/11 10:10 a.m., 17 views

Apple Launches Private Cloud Compute for Privacy-Centric AI Processing

Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture eve...

7.4 AI score
Exploits 0

NVD
added 2024/03/21 2:52 a.m., 15 views

CVE-2024-27922

TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...

9.8 CVSS, 9.6 AI score, 0.00823 EPSS
Exploits 0, References 1

CVE
added 2024/03/06 8:33 p.m., 72 views

CVE-2024-27922

CVE-2024-27922 affects TOMP Bare Server (node Bare Server) due to insecure handling of HTTP requests in the @tomphttp/bare-server-node package. The root cause relates to improper handling/validation of HTTP requests, which could allow manipulation of web traffic. Impact is described as potentiall...

9.8 CVSS, 9.5 AI score, 0.00823 EPSS
Exploits 0, References 1, Affected Software 1

OSV
added 2024/03/06 8:33 p.m., 1 views

CVE-2024-27922 HTTP Handling Vulnerability in the Bare server

TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...

9.8 CVSS, 6.8 AI score, 0.00823 EPSS
Exploits 0, References 3

vulnersOsv
added 2024/03/05 4:24 p.m., 2 views

gn-math-utopia-v2 (>=1.1.0 <=1.1.2), proxeasyjs (>=0.1.0 <=1.0.1) potentially affected by CVE-2024-27922 via @tomphttp/bare-server-node (=1.2.6)

@tomphttp/bare-server-node NPM version =1.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on @tomphttp/bare-server-node and may be impacted:
- gn-math-utopia-v2 >=1.1.0, <=1.1.2
- proxeasyjs >=0.1.0, <=1.0.1
Source CVEs: CVE-2024-27922
Source advisory: OSV:GHSA-86FC-F9GR-V53...

9.8 CVSS, 7.2 AI score, 0.00823 EPSS
Exploits 0

Positive Technologies
added 2024/03/05 12:0 a.m., 6 views

PT-2024-22139

Name of the Vulnerable Software and Affected Versions: TOMP Bare Server versions prior to 2.0.2. Description: A vulnerability in TOMP Bare Server relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to...

9.8 CVSS, 9 AI score, 0.00823 EPSS
Exploits 0, References 9

VulnCheck KEV
added 2023/11/26 12:0 a.m., 5 views

VulnCheck KEV: CVE-2018-12031

Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...

9.8 CVSS, 7.3 AI score, 0.17313 EPSS
Exploits 2, References 1

Github Security Blog
added 2022/01/05 3:2 p.m., 26 views

Path Traversal in http-server-node

All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...

9.8 CVSS, 8.9 AI score, 0.01704 EPSS
Exploits 1, References 3, Affected Software 1

OSV
added 2022/01/05 3:2 p.m., 13 views

GHSA-HJ3M-V758-JWX5 Path Traversal in http-server-node

All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...

7.5 CVSS, 9.4 AI score, 0.01704 EPSS
Exploits 1, References 3

Veracode
added 2021/12/20 1:56 p.m., 16 views

Directory Traversal

http-server-node is vulnerable to directory traversal. The vulnerability exists due to lack of sanitization of user inputs which allows an attacker to gain access to the files outside of the server scope...

9.8 CVSS, 4.8 AI score, 0.01704 EPSS
Exploits 1, References 2, Affected Software 1

Prion
added 2021/12/17 8:15 p.m., 14 views

Directory traversal

All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...

7.5 CVSS, 9.4 AI score, 0.01704 EPSS
Exploits 1, References 1

OSV
added 2021/12/17 8:15 p.m., 0 views

UBUNTU-CVE-2021-23797

All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...

9.8 CVSS, 5.8 AI score, 0.01704 EPSS
Exploits 1, References 3