Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node.js vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2021-40829
Connections initialized by the AWS IoT Device SDK v2 for Java (versions before 1.4.2), Python (versions before 1.6.1), C++ (versions before 1.12.7) and Node.js (versions before 1.5.3) did not verify server certificate hostname during TLS handshake when overriding Certificate Auth...
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-40830
The AWS IoT Device SDK v2 for Java, Python, C++ and Node.js appends a user supplied Certificate Authority (CA) to the root CAs instead of overriding it on Unix systems. TLS handshakes will thus succeed if the peer can be verified either from the user-supplied CA or the system&rsq...
Amazon Amazon Web Services Aws-c-io 0.10.4
Amazon Amazon Web Services Internet Of Things Device Software Development Kit V2
8.8
CVSSv3
CVE-2021-33205
Western Digital EdgeRover prior to 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admin privileges and carry out malicious ac...
Westerndigital Edgerover
8.8
CVSSv3
CVE-2021-21368
msgpack5 is a msgpack v5 implementation for node.js and the browser. In msgpack5 prior to 3.6.1, 4.5.1, and 5.2.1 there is a "Prototype Poisoning" vulnerability. When msgpack5 decodes a map containing a key "__proto__", it assigns the decoded value to __proto_...
Msgpack5 Project Msgpack5
8.8
CVSSv3
CVE-2020-4700
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 up to and including 6.0.3.2 and 5.2.0.0 up to and including 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077.
Ibm Sterling B2b Integrator
8.8
CVSSv3
CVE-2020-10531
An issue exists in International Components for Unicode (ICU) for C/C++ up to and including 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
Icu-project International Components For Unicode
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Google Chrome
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 33
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Opensuse Leap 15.1
Oracle Banking Extensibility Workbench 14.4.0
Oracle Banking Extensibility Workbench 14.3.0
Nodejs Node.js
8.8
CVSSv3
CVE-2019-19771
The lodahs package 0.0.1 for Node.js is a Trojan horse, and may have been installed by persons who mistyped the lodash package name. In particular, the Trojan horse finds and exfiltrates cryptocurrency wallets.
Lodahs Project Lodahs 1.0.0
8.8
CVSSv3
CVE-2018-3754
Node.js third-party module query-mysql versions 0.0.0, 0.0.1, and 0.0.2 are vulnerable to an SQL injection vulnerability due to lack of user input sanitization. This may allow an malicious user to run arbitrary SQL queries when fetching data from database.
Query-mysql Project Query-mysql 0.0.1
Query-mysql Project Query-mysql 0.0.2
Query-mysql Project Query-mysql 0.0.0
1 Github repository
8.8
CVSSv3
CVE-2018-12519
An issue exists in ShopNx through 2017-11-17. The vulnerability allows a remote malicious user to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
Codenx Shopnx
1 EDB exploit
8.8
CVSSv3
CVE-2016-1669
The Zone::New function in zone.cc in Google V8 prior to 5.0.71.47, as used in Google Chrome prior to 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote malicious users to cause a denial of service (buffer overflow) or possibl...
Debian Debian Linux 8.0
Google Chrome
Opensuse Opensuse 13.1
Google V8
Nodejs Node.js
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »