Lucene search
+L

25 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2019-0317

Malware in sbrugna...

8.1CVSS8.1AI score0.01069EPSS
Exploits0References5
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-0328

Malware in sbrugna...

7.8CVSS7.6AI score0.06488EPSS
Exploits0References10
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18909

Malware in sbrugna...

7.5CVSS8.5AI score0.07214EPSS
Exploits0References8
euvd
euvd
added 2025/10/03 8:7 p.m.25 views

EUVD-2022-6640

Malicious code in bioql PyPI...

5.3CVSS6.5AI score0.00999EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-28000

Malicious code in bioql PyPI...

7.5CVSS7.2AI score0.02023EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-53423

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.02011EPSS
Exploits1References3
redhatcve
redhatcve
added 2025/08/06 7:30 p.m.5 views

CVE-2025-8522

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity o...

5CVSS5.1AI score0.00327EPSS
Exploits1References1
cvelist
cvelist
added 2025/07/18 10:54 p.m.51 views

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

7.5CVSS0.09752EPSS
Exploits5References1
redhatcve
redhatcve
added 2025/05/22 11:10 p.m.6 views

CVE-2022-36046

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server...

5.3CVSS6.7AI score0.00999EPSS
Exploits0
cvelist
cvelist
added 2025/05/19 7:28 p.m.56 views

CVE-2025-47949 samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...

9.9CVSS0.00458EPSS
Exploits0References2
ibm
ibm
added 2025/05/06 9:46 a.m.27 views

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to a vulnerability found in Node.js

Summary There is a vulnerability in Node.js used by IBM Cloud Transformation Advisor CVE-2024-57699. Vulnerability Details CVEID:CVE-2024-57699 DESCRIPTION: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number...

7.5CVSS6.9AI score0.00566EPSS
Exploits0Affected Software1
ibm
ibm
added 2025/05/06 9:39 a.m.26 views

Security Bulletin: IBM Application Modernization Accelerator is vulnerable to a vulnerability found in Node.js

Summary There is a vulnerability in Node.js used by IBM Application Modernization Accelerator CVE-2024-57699. Vulnerability Details CVEID:CVE-2024-57699 DESCRIPTION: A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a lar...

7.5CVSS6.9AI score0.00566EPSS
Exploits0Affected Software1
cve
cve
added 2025/03/14 5:5 p.m.2073 views

CVE-2025-29774

CVE-2025-29774 concerns the xml-crypto Node.js library. The issue allows an attacker to modify a valid signed XML message such that signature verification still passes, enabling bypass of authentication/authorization in systems that rely on xml-crypto for verifying signed XML. Affected versions a...

9.3CVSS6.9AI score0.0905EPSS
Exploits0References8
vulnrichment
vulnrichment
added 2025/03/11 12:0 a.m.8 views

CVE-2024-28607

The ip-utils package through 2.4.0 for Node.js might allow SSRF because some IP addresses such as 0x7f.1 are improperly categorized as globally routable via a falsy isPrivate return value...

2.9CVSS4AI score0.0014EPSS
Exploits0References2
nessus
nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2024-22019

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and...

7.5CVSS7AI score0.03168EPSS
Exploits0References2
nessus
nessus
added 2025/03/04 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2017-15897

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node.js had a bug in versions 8.X and 9.X which caused buffers to not be initialized when the encoding for the fill value did not match the encoding specified...

4.3CVSS6.7AI score0.02303EPSS
Exploits0References2
osv
osv
added 2024/12/16 2:0 p.m.15 views

BIT-NODE-MIN-2023-23918

A privilege escalation vulnerability exists in Node.js 19.6.1, 18.14.1, 16.19.1 and 14.21.3 that made it possible to bypass the experimental Permissions https://nodejs.org/api/permissions.html feature in Node.js and access non authorized modules by using process.mainModule.require. This only...

7.5CVSS7.6AI score0.02023EPSS
Exploits0References3
osv
osv
added 2024/12/16 1:59 p.m.10 views

BIT-NODE-MIN-2023-30586

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine API can be used to bypass...

7.5CVSS7.5AI score0.01348EPSS
Exploits0References3
osv
osv
added 2024/12/16 1:58 p.m.17 views

BIT-NODE-MIN-2023-32002

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

9.8CVSS8.2AI score0.0143EPSS
Exploits0References3
osv
osv
added 2024/12/16 1:54 p.m.13 views

BIT-NODE-MIN-2024-22025

A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch function in Node.js always decodes Brotli, making i...

6.5CVSS7.2AI score0.01309EPSS
Exploits0References8
Rows per page
Query Builder