Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
node-red vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-33219
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
Commscope Ruckus Iot Controller
9.8
CVSSv3
CVE-2021-33218
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. There are Hard-coded System Passwords that provide shell access.
Commscope Ruckus Iot Controller
8.8
CVSSv3
CVE-2021-33217
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Commscope Ruckus Iot Controller
7.5
CVSSv3
CVE-2021-26504
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote malicious users to gain sensitive information via crafted request in res.sendFile API in hue-magic.js.
Dgtl Huemagic 3.0.0
7.5
CVSSv3
CVE-2021-3223
Node-RED-Dashboard prior to 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Nodered Node-red-dashboard
7.5
CVSSv3
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal.in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Dgtl Huemagic 3.0.0
6.5
CVSSv3
CVE-2021-21297
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and previous versions contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the poten...
Nodered Node-red
2 Github repositories
6.5
CVSSv3
CVE-2021-21298
Node-Red is a low-code programming for event-driven applications built using nodejs. Node-RED 1.2.7 and previous versions has a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is ...
Nodered Node-red
6.1
CVSSv3
CVE-2022-3783
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting....
Nodered Node-red-dashboard
5.4
CVSSv3
CVE-2019-15607
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the malicious user to steal session cookies, deface web applications, etc.
Nodered Node-red
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »