Vulmon
node.js vulnerabilities and exploits
9.3
CVSSv2
CVE-2016-10623
macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with ...
Macaca-chromedriver-zxa Project Macaca-chromedriver-zxa
9.3
CVSSv2
CVE-2016-10633
dwebp-bin is a dwebp node.js wrapper that converts WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled bi...
Dwebp-bin Project Dwebp-bin
9.3
CVSSv2
CVE-2016-10571
bkjs-wand is ImageMagick wand support for node.js and backendjs. bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with a...
Bkjs-wand Project Bkjs-wand
9.3
CVSSv2
CVE-2016-10558
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attack...
Aerospike Aerospike
9.3
CVSSv2
CVE-2016-10586
macaca-chromedriver is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver prior to 1.0.29 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested bina...
Macacajs Macaca-chromedriver
9.3
CVSSv2
CVE-2016-10590
cue-sdk-node is a Corsair Cue SDK wrapper for node.js. cue-sdk-node downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip fil...
Cue-sdk-node Project Cue-sdk-node
9.3
CVSSv2
CVE-2016-10698
mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an at...
Mystem-fix Project Mystem-fix
9.3
CVSSv2
CVE-2017-12581
GitHub Electron prior to 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent...
Electron Electron
9.3
CVSSv2
CVE-2016-1669
The Zone::New function in zone.cc in Google V8 prior to 5.0.71.47, as used in Google Chrome prior to 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote malicious users to cause a denial of service (buffer overflow) or possibl...
Debian Debian Linux 8.0
Google Chrome
Opensuse Opensuse 13.1
Google V8
Nodejs Node.js
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 16.04
1 Article
8.5
CVSSv2
CVE-2019-17625
There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.j...
Rambox Rambox 0.6.9
1 Github repository