Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nodejs vulnerabilities and exploits
(subscribe to this query)
9.6
CVSSv3
CVE-2021-21413
isolated-vm is a library for nodejs which gives you access to v8's Isolate interface. Versions of isolated-vm before v4.0.0 have API pitfalls which may make it easy for implementers to expose supposed secure isolates to the permissions of the main nodejs isolate. Reference o...
Isolated-vm Project Isolated-vm
9.4
CVSSv3
CVE-2019-6644
Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if the plugin is left in deb...
F5 Big-ip Local Traffic Manager
F5 Big-ip Local Traffic Manager 14.1.0
F5 Big-ip Local Traffic Manager 14.0.0
F5 Big-ip Advanced Firewall Manager 14.1.0
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Advanced Firewall Manager 14.0.0
F5 Big-ip Application Acceleration Manager
F5 Big-ip Application Acceleration Manager 14.0.0
F5 Big-ip Application Acceleration Manager 14.1.0
F5 Big-ip Analytics 14.0.0
F5 Big-ip Analytics
F5 Big-ip Analytics 14.1.0
F5 Big-ip Access Policy Manager
F5 Big-ip Access Policy Manager 14.0.0
F5 Big-ip Access Policy Manager 14.1.0
F5 Big-ip Application Security Manager
F5 Big-ip Application Security Manager 14.1.0
F5 Big-ip Application Security Manager 14.0.0
F5 Big-ip Edge Gateway 14.1.0
F5 Big-ip Edge Gateway
F5 Big-ip Edge Gateway 14.0.0
F5 Big-ip Fraud Protection Service
9.1
CVSSv3
CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() alwa...
Nodejs Node.js
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 11.0
9.1
CVSSv3
CVE-2021-41117
keypair is a a RSA PEM key generator written in javascript. keypair implements a lot of cryptographic primitives on its own or by borrowing from other libraries where possible, including node-forge. An issue exists where this library was generating identical RSA keys used in SSH....
Keypair Project Keypair
2 Github repositories
9.1
CVSSv3
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Lodash Lodash
Netapp Service Level Manager -
Netapp Active Iq Unified Manager -
Redhat Virtualization Manager 4.3
Oracle Banking Extensibility Workbench 14.4.0
Oracle Banking Extensibility Workbench 14.3.0
F5 Big-iq Centralized Management
F5 Iworkflow 2.3.0
F5 Big-iq Centralized Management 7.0.0
F5 Big-ip Analytics
F5 Big-ip Local Traffic Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
F5 Big-ip Access Policy Manager
F5 Big-ip Application Security Manager
F5 Big-ip Domain Name System
F5 Big-ip Fraud Protection Service
F5 Big-ip Global Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Edge Gateway
F5 Big-ip Webaccelerator
6 Github repositories
9.1
CVSSv3
CVE-2017-15896
Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards to the use of SSL_read() due to TLS handshake failure. The result was that an active network attacker could send application data to Node.js using the TLS or HTTP2 modules in a way that bypassed TLS authentica...
Nodejs Node.js
8.8
CVSSv3
CVE-2023-32004
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects a...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2023-32006
The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and,...
Nodejs Node.js
Fedoraproject Fedora 37
Fedoraproject Fedora 38
8.8
CVSSv3
CVE-2023-34232
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions before 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in (1) est...
Snowflake Snowflake Connector
8.8
CVSSv3
CVE-2021-33217
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Commscope Ruckus Iot Controller
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »