Search Results (349929 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3728 | 2 Hapijs, Redhat | 3 Hoek, Mobile Application Platform, Quay | 2024-11-21 | N/A |
| hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3727 | 1 626 Project | 1 626 | 2024-11-21 | 7.5 High |
| 626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3726 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 6.1 Medium |
| crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. | ||||
| CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 7.5 High |
| hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3724 | 1 General-file-server Project | 1 General-file-server | 2024-11-21 | N/A |
| general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-11-21 | N/A |
| defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2024-11-21 | N/A |
| merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3721 | 3 Lodash, Netapp, Redhat | 4 Lodash, Active Iq Unified Manager, System Manager and 1 more | 2024-11-21 | 6.5 Medium |
| lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2024-11-21 | 8.8 High |
| assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3719 | 1 Mixin-deep Project | 1 Mixin-deep | 2024-11-21 | 8.8 High |
| mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | ||||
| CVE-2018-3718 | 1 Zeit | 1 Serve | 2024-11-21 | 5.3 Medium |
| serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | ||||
| CVE-2018-3717 | 1 Sencha | 1 Connect | 2024-11-21 | 5.4 Medium |
| connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. | ||||
| CVE-2018-3716 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 5.4 Medium |
| simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. | ||||
| CVE-2018-3715 | 1 Glance Project | 1 Glance | 2024-11-21 | 6.5 Medium |
| glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3714 | 1 Node-srv Project | 1 Node-srv | 2024-11-21 | 6.5 Medium |
| node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3713 | 1 Angular-http-server Project | 1 Angular-http-server | 2024-11-21 | 6.5 Medium |
| angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | ||||
| CVE-2018-3712 | 1 Zeit | 1 Serve | 2024-11-21 | N/A |
| serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. | ||||
| CVE-2018-3711 | 1 Fastify | 1 Fastify | 2024-11-21 | 7.5 High |
| Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. | ||||
| CVE-2018-3710 | 2 Debian, Gitlab | 2 Debian Linux, Gitlab | 2024-11-21 | 7.8 High |
| Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable to an Insecure Temporary File in the project import component resulting in remote code execution. | ||||
| CVE-2018-3705 | 1 Intel | 1 System Defense Utility | 2024-11-21 | N/A |
| Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access. | ||||