Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-3741
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and previous versions for Node.js allows remote malicious users to execute arbitrary commands via unspecified characters in the lpr command.
Node-printer Project Node-printer
8.1
CVSSv3
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Node-browser Project Node-browser
9.8
CVSSv3
CVE-2020-7609
node-rules including 3.0.0 and before 5.0.0 allows injection of arbitrary commands. The argument rules of function "fromJSON()" can be controlled by users without any sanitization.
Node-rules Project Node-rules
NA
CVE-2015-4397
Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote malicious users to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors.
Node Template Project Node Template
9.8
CVSSv3
CVE-2019-10061
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) before 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing malicious users to execute arbitrary commands.
Node-opencv Project Node-opencv
9.8
CVSSv3
CVE-2022-23812
This affects the package node-ipc from 10.1.1 and prior to 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious cod...
Node-ipc Project Node-ipc
3 Github repositories
9.8
CVSSv3
CVE-2018-13797
The macaddress module prior to 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Node-macaddress Project Node-macaddress
7.5
CVSSv3
CVE-2017-16048
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Node-sqlite Project Node-sqlite
7.5
CVSSv3
CVE-2017-16052
`node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Node-fabric Project Node-fabric
7.5
CVSSv3
CVE-2017-16059
mssql-node was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Mssql-node Project Mssql-node
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »