Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-0895
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors.
Hp Network Node Manager I 8.13.005
Hp Network Node Manager I 8.11.002
Hp Network Node Manager I 9.01
Hp Network Node Manager I 9.02
Hp Network Node Manager I 9.03
Hp Network Node Manager I 8.10
Hp Network Node Manager I 9.0
Hp Network Node Manager I 8.13.006
Hp Network Node Manager I 8.12.004
NA
CVE-2003-1493
Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allows remote malicious users to cause a denial of service (memory exhaustion) via crafted TCP packets.
Hp Openview Network Node Manager 6.10
Hp Openview Network Node Manager 6.2
Hp Openview Network Node Manager 6.4
Hp Openview Network Node Manager 5.0.1
Hp Openview Network Node Manager 6.0.1
Hp Openview Network Node Manager 6.41
Hp Openview Network Node Manager 6.1
Hp Openview Network Node Manager 6.31
5.3
CVSSv3
CVE-2023-40178
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logg...
Node Saml Project Node Saml
9.8
CVSSv3
CVE-2020-7609
node-rules including 3.0.0 and before 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
Node-rules Project Node-rules
9.8
CVSSv3
CVE-2020-7721
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
Node-oojs Project Node-oojs
9.8
CVSSv3
CVE-2017-5941
An issue exists in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Node-serialize Project Node-serialize
4 Github repositories
7.5
CVSSv3
CVE-2022-25231
The package node-opcua prior to 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
Node-opcua Project Node-opcua
9.8
CVSSv3
CVE-2020-7785
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.
Node-ps Project Node-ps
5.6
CVSSv3
CVE-2020-7789
This affects the package node-notifier prior to 9.0.0. It allows an malicious user to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
Node-notifier Project Node-notifier
8.1
CVSSv3
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Node-browser Project Node-browser
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »