node-red vulnerabilities and exploits
5.4
CVSSv3
CVE-2019-15607
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the malicious user to steal session cookies, deface web applications, etc.
Nodered Node-red
6.5
CVSSv3
CVE-2021-21297
Node-RED is a low-code programming tool for event-driven applications built using nodejs. Node-RED 1.2.7 and previous versions contain a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the poten...
Nodered Node-red
2 Github repositories
6.5
CVSSv3
CVE-2021-21298
Node-RED is a low-code programming tool for event-driven applications built using nodejs. Node-RED 1.2.7 and previous versions have a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is ...
Nodered Node-red
5.4
CVSSv3
CVE-2019-10756
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.
Nodered Node-red-dashboard
6.1
CVSSv3
CVE-2022-3783
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting....
Nodered Node-red-dashboard
7.5
CVSSv3
CVE-2021-3223
Node-RED-Dashboard prior to 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Nodered Node-red-dashboard
7.5
CVSSv3
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Dgtl Huemagic 3.0.0
7.5
CVSSv3
CVE-2021-26504
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0 allows remote malicious users to gain sensitive information via a crafted request in the res.sendFile API in hue-magic.js.
Dgtl Huemagic 3.0.0
NA
CVE-2021-332172
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT C...
9.8
CVSSv3
CVE-2021-33218
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded System Passwords that provide shell access.
Commscope Ruckus Iot Controller