Vulnerabilities (CVE)

Total 298657 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-3730 1 Mcstatic Project 1 Mcstatic 2024-11-21 5.0 MEDIUM 7.5 HIGH
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path.
CVE-2018-3729 1 Localhost-now Project 1 Localhost-now 2024-11-21 5.0 MEDIUM 7.5 HIGH
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
CVE-2018-3728 1 Hapijs 1 Hoek 2024-11-21 6.5 MEDIUM 8.8 HIGH
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2018-3727 1 626 Project 1 626 2024-11-21 5.0 MEDIUM 7.5 HIGH
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
CVE-2018-3726 1 Crud-file-server Project 1 Crud-file-server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
CVE-2018-3725 1 Hekto Project 1 Hekto 2024-11-21 5.0 MEDIUM 7.5 HIGH
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path.
CVE-2018-3724 1 General-file-server Project 1 General-file-server 2024-11-21 5.0 MEDIUM 7.5 HIGH
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path.
CVE-2018-3723 1 Defaults-deep Project 1 Defaults-deep 2024-11-21 6.5 MEDIUM 8.8 HIGH
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2018-3722 1 Merge-deep Project 1 Merge-deep 2024-11-21 6.5 MEDIUM 8.8 HIGH
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2018-3721 2 Lodash, Netapp 3 Lodash, Active Iq Unified Manager, System Manager 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2018-3720 1 Assign-deep Project 1 Assign-deep 2024-11-21 6.5 MEDIUM 8.8 HIGH
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2018-3719 1 Mixin-deep Project 1 Mixin-deep 2024-11-21 6.5 MEDIUM 8.8 HIGH
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVE-2018-3718 1 Zeit 1 Serve 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
CVE-2018-3717 1 Sencha 1 Connect 2024-11-21 3.5 LOW 5.4 MEDIUM
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVE-2018-3716 1 Simplehttpserver Project 1 Simplehttpserver 2024-11-21 3.5 LOW 5.4 MEDIUM
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
CVE-2018-3715 1 Glance Project 1 Glance 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path.
CVE-2018-3714 1 Node-srv Project 1 Node-srv 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.
CVE-2018-3713 1 Angular-http-server Project 1 Angular-http-server 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.
CVE-2018-3712 1 Zeit 1 Serve 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path.
CVE-2018-3711 1 Fastify 1 Fastify 2024-11-21 5.0 MEDIUM 7.5 HIGH
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.