VulnCheck KEV: CVE-2025-59528
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...
EUVD-2025-115796
Malicious code in callback-request-server-node-config npm...
EUVD-2025-116725
Malicious code in andromeda-enceladus-prettier-stylelint-server npm...
EUVD-2022-0616
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-23797
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is. CVE-2021-23797 Note that Nessus relies on the presence o...
Malicious code in voice-quickstart-server-node (npm)
The package voice-quickstart-server-node was found to contain malicious code...
MAL-2025-38546 Malicious code in voice-quickstart-server-node (npm)
The package voice-quickstart-server-node was found to contain malicious code...
Apple Launches Private Cloud Compute for Privacy-Centric AI Processing
Apple has announced the launch of a "groundbreaking cloud intelligence system" called Private Cloud Compute (PCC) that's designed for processing artificial intelligence (AI) tasks in a privacy-preserving manner in the cloud. The tech giant described PCC as the "most advanced security architecture eve...
CVE-2024-27922
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...
CVE-2024-27922
CVE-2024-27922 affects TOMP Bare Server (node Bare Server) due to insecure handling of HTTP requests in the @tomphttp/bare-server-node package. The root cause relates to improper handling/validation of HTTP requests, which could allow manipulation of web traffic. Impact is described as potentiall...
CVE-2024-27922 HTTP Handling Vulnerability in the Bare server
TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may var...
gn-math-utopia-v2 (>=1.1.0 <=1.1.2), proxeasyjs (>=0.1.0 <=1.0.1) potentially affected by CVE-2024-27922 via @tomphttp/bare-server-node (=1.2.6)
@tomphttp/bare-server-node NPM version =1.2.6 is affected by a known vulnerability. The following packages have a transitive dependency on @tomphttp/bare-server-node and may be impacted: - gn-math-utopia-v2 =1.1.0, =0.1.0, =1.0.1 Source cves: CVE-2024-27922 Source advisory: OSV:GHSA-86FC-F9GR-V53...
PT-2024-22139
Name of the Vulnerable Software and Affected Versions: TOMP Bare Server versions prior to 2.0.2. Description: A vulnerability in TOMP Bare Server relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to...
VulnCheck KEV: CVE-2018-12031
Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via server/nodeupgradesrv.js directory traversal with the firmware parameter in a downloadFirmware action...
GHSA-HJ3M-V758-JWX5 Path Traversal in http-server-node
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...
Path Traversal in http-server-node
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...
Directory Traversal
http-server-node is vulnerable to directory traversal. The vulnerability exists due to lack of sanitization of user inputs which allows an attacker to gain access to the files outside of the server scope...
UBUNTU-CVE-2021-23797
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...
Directory traversal
All versions of package http-server-node are vulnerable to Directory Traversal via use of --path-as-is...
CVE-2021-23797
CVE-2021-23797 affects the http-server-node package (all versions) with a Directory Traversal flaw exploitable via the --path-as-is option. The underlying issue is insufficient validation/handling of path parameters, enabling access to sensitive files and compromising confidentiality, integrity, ...