HackerOne Security Vulnerabilities
Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification...
7.5CVSS
7.2AI Score
0.003EPSS
A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder...
5.4CVSS
5.2AI Score
0.001EPSS
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its...
9.8CVSS
9.2AI Score
0.004EPSS
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of...
5.6CVSS
6.3AI Score
0.001EPSS
A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the...
7.5CVSS
7.2AI Score
0.009EPSS
A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto...
9.8CVSS
9.2AI Score
0.004EPSS
Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL...
6.5CVSS
6.4AI Score
0.001EPSS
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto...
9.8CVSS
9.2AI Score
0.004EPSS
Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the...
7.5CVSS
7.5AI Score
0.004EPSS
A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as...
8.8CVSS
8.6AI Score
0.001EPSS
A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL...
7.5CVSS
7.3AI Score
0.002EPSS
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before...
6.1CVSS
6AI Score
0.001EPSS
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto...
9.8CVSS
9.2AI Score
0.004EPSS
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before...
6.1CVSS
6AI Score
0.001EPSS
A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto...
7.5CVSS
7.7AI Score
0.001EPSS