Vulmon
nodejs vulnerabilities and exploits
10
CVSSv2
CVE-2021-33218
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded System Passwords that provide shell access.
Commscope Ruckus Iot Controller
10
CVSSv2
CVE-2020-15477
The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function.
Raspberrytorte Raspberrytortoise
10
CVSSv2
CVE-2017-1000228
nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.
Ejs Ejs
1 Github repository
10
CVSSv2
CVE-2015-0278
libuv prior to 0.10.34 does not properly drop group privileges, which allows context-dependent malicious users to gain privileges via unspecified vectors.
Fedoraproject Fedora 21
Libuv Project Libuv
Nodejs Node.js
10
CVSSv2
CVE-2014-7192
Eval injection vulnerability in index.js in the syntax-error package prior to 1.1.1 for Node.js 0.10.x, as used in IBM Rational Application Developer and other products, allows remote malicious users to execute arbitrary code via a crafted file.
Joyent Node.js
1 EDB exploit
9.3
CVSSv2
CVE-2020-8174
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
Nodejs Node.js
Oracle Banking Extensibility Workbench 14.4.0
Oracle Banking Extensibility Workbench 14.3.0
Oracle Retail Xstore Point Of Service 16.0.6
Oracle Retail Xstore Point Of Service 17.0.4
Oracle Retail Xstore Point Of Service 18.0.3
Oracle Retail Xstore Point Of Service 19.0.2
Oracle Retail Xstore Point Of Service 20.0.1
Oracle Mysql Cluster
Oracle Blockchain Platform
Netapp Snapcenter -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
1 Github repository
9.3
CVSSv2
CVE-2016-10647
node-air-sdk is an AIR SDK for nodejs. node-air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is...
Node-air-sdk Project Node-air-sdk -
9.3
CVSSv2
CVE-2016-10622
nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled bin...
Nodeschnaps Project Nodeschnaps
9.3
CVSSv2
CVE-2016-10626
mystem3 is a NodeJS wrapper for the Yandex MyStem 3. mystem3 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the at...
Mystem3 Project Mystem3
9.3
CVSSv2
CVE-2016-10593
ibapi is an Interactive Brokers API addon for NodeJS. ibapi downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. Prior to 2.5.6, it may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled b...
Interactivebrokers Ibapi