node-red vulnerabilities and exploits
312
VMScore
CVE-2019-15607
A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the malicious user to steal session cookies, deface web applications, etc.
Nodered Node-red
357
VMScore
CVE-2021-21297
Node-Red is a low-code programming tool for event-driven applications built using nodejs. Node-RED 1.2.7 and previous versions contain a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object with the poten...
Nodered Node-red
2 Github repositories
312
VMScore
CVE-2021-21298
Node-Red is a low-code programming tool for event-driven applications built using nodejs. Node-RED 1.2.7 and previous versions have a vulnerability which allows arbitrary path traversal via the Projects API. If the Projects feature is enabled, a user with `projects.read` permission is ...
Nodered Node-red
448
VMScore
CVE-2021-3223
Node-RED-Dashboard prior to 2.26.2 allows ui_base/js/..%2f directory traversal to read files.
Nodered Node-red-dashboard
NA
CVE-2022-3783
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting....
Nodered Node-red-dashboard
312
VMScore
CVE-2019-10756
It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default.
Nodered Node-red-dashboard
445
VMScore
CVE-2021-25864
node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file.
Dgtl Huemagic 3.0.0
NA
CVE-2021-26504
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote malicious users to gain sensitive information via crafted request in res.sendFile API in hue-magic.js.
Dgtl Huemagic 3.0.0
NA
CVE-2021-332172
The IoT Controller web application includes a NodeJS module, node-red, which has the capability for users to read or write to local files on the IoT Controller. With the elevated privileges the web application runs as, this allowed for reading and writing to any file on the IoT C...
801
VMScore
CVE-2021-33217
An issue exists in CommScope Ruckus IoT Controller 1.7.1.0 and previous versions. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
Commscope Ruckus Iot Controller