Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2020-7632
node-mpv up to and including 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument.
Node-mpv Project Node-mpv
668
VMScore
CVE-2020-7673
node-extend up to and including 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution.
Node-extend Project Node-extend
NA
CVE-2020-7678
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
Node-import Project Node-import
605
VMScore
CVE-2015-3370
Cross-site request forgery (CSRF) vulnerability in the Node Invite module prior to 6.x-2.5 for Drupal allows remote malicious users to hijack the authentication of users with the "node_invite_can_manage_invite" permission for requests that re-enable node invitations via...
Node Invite Project Node Invite
516
VMScore
CVE-2015-3371
Open redirect vulnerability in the Node Invite module prior to 6.x-2.5 for Drupal allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter.
Node Invite Project Node Invite
312
VMScore
CVE-2015-3372
Cross-site scripting (XSS) vulnerability in the Node Invite module prior to 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title.
Node Invite Project Node Invite
571
VMScore
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as...
Node-tar Project Node-tar
4 Github repositories
NA
CVE-2022-25231
The package node-opcua prior to 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.
Node-opcua Project Node-opcua
605
VMScore
CVE-2015-4397
Cross-site request forgery (CSRF) vulnerability in the Node Template module for Drupal allows remote malicious users to hijack the authentication of users with the "access node template" permission for requests that delete node templates via unspecified vectors.
Node Template Project Node Template
605
VMScore
CVE-2016-10618
node-browser is a wrapper webdriver by nodejs. node-browser downloads resources over HTTP, which leaves it vulnerable to MITM attacks.
Node-browser Project Node-browser
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4541
CVE-2024-3080
CVE-2024-4787
log injection
CVE-2024-5967
inject
CVE-2024-30078
CVE-2024-5899
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »