Total: 298657 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-3730 | 1 Mcstatic Project | 1 Mcstatic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
mcstatic node module suffers from a Path Traversal vulnerability due to lack of validation of filePath, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3729 | 1 Localhost-now Project | 1 Localhost-now | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3728 | 1 Hapijs | 1 Hoek | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3727 | 1 626 Project | 1 626 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
626 node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3726 | 1 Crud-file-server Project | 1 Crud-file-server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. | |||||
CVE-2018-3725 | 1 Hekto Project | 1 Hekto | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
hekto node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3724 | 1 General-file-server Project | 1 General-file-server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
general-file-server node module suffers from a Path Traversal vulnerability due to lack of validation of currpath, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3721 | 2 Lodash, Netapp | 3 Lodash, Active Iq Unified Manager, System Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3720 | 1 Assign-deep Project | 1 Assign-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3719 | 1 Mixin-deep Project | 1 Mixin-deep | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
CVE-2018-3718 | 1 Zeit | 1 Serve | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. | |||||
CVE-2018-3717 | 1 Sencha | 1 Connect | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. | |||||
CVE-2018-3716 | 1 Simplehttpserver Project | 1 Simplehttpserver | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
simplehttpserver node module suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names. | |||||
CVE-2018-3715 | 1 Glance Project | 1 Glance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
glance node module before 3.0.4 suffers from a Path Traversal vulnerability due to lack of validation of path passed to it, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3714 | 1 Node-srv Project | 1 Node-srv | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3713 | 1 Angular-http-server Project | 1 Angular-http-server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. | |||||
CVE-2018-3712 | 1 Zeit | 1 Serve | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
serve node module before 6.4.9 suffers from a Path Traversal vulnerability due to not handling %2e (.) and %2f (/) and allowing them in paths, which allows a malicious user to view the contents of any directory with known path. | |||||
CVE-2018-3711 | 1 Fastify | 1 Fastify | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. |