Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-7673
node-extend up to and including 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument `A` of `extend` function`(A,B,as,isAargs)` located within `lib/extend.js` is executed by the `eval` function, resulting in code execution.
Node-extend Project Node-extend
NA
CVE-2020-7678
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
Node-import Project Node-import
7.5
CVSSv2
CVE-2020-7721
All versions of package node-oojs are vulnerable to Prototype Pollution via the setPath function.
Node-oojs Project Node-oojs
7.5
CVSSv2
CVE-2020-7785
This affects all versions of package node-ps. The injection point is located in line 72 in lib/index.js.
Node-ps Project Node-ps
6.8
CVSSv2
CVE-2020-7789
This affects the package node-notifier prior to 9.0.0. It allows an malicious user to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
Node-notifier Project Node-notifier
6.4
CVSSv2
CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as...
Node-tar Project Node-tar
4 Github repositories
7.5
CVSSv2
CVE-2017-5941
An issue exists in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Node-serialize Project Node-serialize
4 Github repositories
4.3
CVSSv2
CVE-2011-1855
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors.
Hp Network Node Manager I 9.03
Hp Network Node Manager I 9.02
Hp Network Node Manager I 9.10
Hp Network Node Manager I 9.0.0
Hp Network Node Manager I 9.00
Hp Network Node Manager I 9.01
Hp Network Node Manager I 9.0
7.5
CVSSv2
CVE-2005-2773
HP OpenView Network Node Manager 6.2 up to and including 7.50 allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
Hp Openview Network Node Manager 6.31
Hp Openview Network Node Manager 7.50
Hp Openview Network Node Manager 6.4
Hp Openview Network Node Manager 6.10
Hp Openview Network Node Manager 6.2
Hp Openview Network Node Manager 6.41
Hp Openview Network Node Manager 7.0.1
2 EDB exploits
6.5
CVSSv2
CVE-2011-1534
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors.
Hp Network Node Manager I 9.10
Hp Network Node Manager I 9.0.0
Hp Network Node Manager I 9.01
Hp Network Node Manager I 9.0
Hp Network Node Manager I 9.03
Hp Network Node Manager I 9.02
Hp Network Node Manager I 9.00
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »