Export limit exceeded: 349538 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349538 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3738 | 1 Protobufjs Project | 1 Protobufjs | 2024-11-21 | 5.5 Medium |
| protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files. | ||||
| CVE-2018-3737 | 2 Joyent, Redhat | 2 Sshpk, Rhel Software Collections | 2024-11-21 | 7.5 High |
| sshpk is vulnerable to ReDoS when parsing crafted invalid public keys. | ||||
| CVE-2018-3735 | 1 Bracket-template Project | 1 Bracket-template | 2024-11-21 | 6.1 Medium |
| bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template | ||||
| CVE-2018-3734 | 1 Stattic Project | 1 Stattic | 2024-11-21 | 7.5 High |
| stattic node module suffers from a Path Traversal vulnerability due to lack of validation of path, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3733 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 7.5 High |
| crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3732 | 1 Resolve-path Project | 1 Resolve-path | 2024-11-21 | 7.5 High |
| resolve-path node module before 1.4.0 suffers from a Path Traversal vulnerability due to lack of validation of paths with certain special characters, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3731 | 1 Public.js Project | 1 Public.js | 2024-11-21 | 7.5 High |
| public node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2024-11-21 | 7.5 High |
| mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3729 | 1 Localhost-now Project | 1 Localhost-now | 2024-11-21 | 7.5 High |
| localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3728 | 2 Hapijs, Redhat | 3 Hoek, Mobile Application Platform, Quay | 2024-11-21 | N/A |
| hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3727 | 1 626 Project | 1 626 | 2024-11-21 | 7.5 High |
| 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3726 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 6.1 Medium |
| crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | ||||
| CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 7.5 High |
| hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3724 | 1 General-file-server Project | 1 General-file-server | 2024-11-21 | N/A |
| general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-11-21 | N/A |
| defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2024-11-21 | N/A |
| merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3721 | 3 Lodash, Netapp, Redhat | 4 Lodash, Active Iq Unified Manager, System Manager and 1 more | 2024-11-21 | 6.5 Medium |
| lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2024-11-21 | 8.8 High |
| assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3719 | 1 Mixin-deep Project | 1 Mixin-deep | 2024-11-21 | 8.8 High |
| mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3718 | 1 Zeit | 1 Serve | 2024-11-21 | 5.3 Medium |
| serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | ||||