Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node.js vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2014-3741
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and previous versions for Node.js allows remote malicious users to execute arbitrary commands via unspecified characters in the lpr command.
Node-printer Project Node-printer
9.8
CVSSv3
CVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent malicious users to have unspecified impact by leveraging improper pointer arithmetic.
Zlib Zlib
Opensuse Leap 42.2
Opensuse Leap 42.1
Opensuse Opensuse 13.2
Debian Debian Linux 8.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 16.04
Oracle Mysql
Oracle Database Server 18c
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jdk 1.6.0
Oracle Jre 1.6.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Eus 7.4
1 Github repository
9.8
CVSSv3
CVE-2017-5954
An issue exists in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Serialize-to-js Project Serialize-to-js 0.5.0
9.8
CVSSv3
CVE-2017-5941
An issue exists in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).
Node-serialize Project Node-serialize
4 Github repositories
9.8
CVSSv3
CVE-2015-8857
The uglify-js package prior to 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow malicious users to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Java...
Uglifyjs Project Uglifyjs
1 Github repository
9.8
CVSSv3
CVE-2016-3987
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
Trendmicro Password Manager -
1 EDB exploit
9.4
CVSSv3
CVE-2021-31597
The xmlhttprequest-ssl package prior to 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate ...
Xmlhttprequest-ssl Project Xmlhttprequest-ssl
9.1
CVSSv3
CVE-2022-35255
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() alwa...
Nodejs Node.js
Siemens Sinec Ins 1.0
Siemens Sinec Ins
Debian Debian Linux 11.0
9.1
CVSSv3
CVE-2021-28860
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the pro...
Adaltas Mixme
9.1
CVSSv3
CVE-2021-30246
In the jsrsasign package up to and including 10.1.13 for Node.js, some invalid RSA PKCS#1 v1.5 signatures are mistakenly recognized to be valid. NOTE: there is no known practical attack.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2024-5274
CVE-2020-17519
CVE-2024-35340
CVE-2021-47558
local
XML injection
CVE-2021-47519
CVE-2021-47543
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »