Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2015-8851
node-uuid prior to 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for malicious users to have unspecified impact via brute force guessing.
Node-uuid Project Node-uuid
1 Github repository
5.9
CVSSv3
CVE-2022-2596
Inefficient Regular Expression Complexity in GitHub repository node-fetch/node-fetch before 3.2.10.
Node-fetch Project Node-fetch
NA
CVE-2015-3370
Cross-site request forgery (CSRF) vulnerability in the Node Invite module prior to 6.x-2.5 for Drupal allows remote malicious users to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via...
Node Invite Project Node Invite
NA
CVE-2015-3371
Open redirect vulnerability in the Node Invite module prior to 6.x-2.5 for Drupal allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.
Node Invite Project Node Invite
NA
CVE-2015-4397
Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote malicious users to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors.
Node Template Project Node Template
7.5
CVSSv3
CVE-2022-24375
The package node-opcua prior to 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.
Node-opcua Project Node-opcua
9.8
CVSSv3
CVE-2022-23812
This affects the package node-ipc from 10.1.1 and prior to 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious cod...
Node-ipc Project Node-ipc
3 Github repositories
6.5
CVSSv3
CVE-2018-3714
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
Node-srv Project Node-srv
9.8
CVSSv3
CVE-2018-13797
The macaddress module prior to 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call.
Node-macaddress Project Node-macaddress
7.5
CVSSv3
CVE-2017-16048
`node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
Node-sqlite Project Node-sqlite
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »