Vulnerabilities in HackerOne

470 results
CVE-2017-16021 (EPSS 1.3%): uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not
CVE-2016-10556 (EPSS 1.3%): sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server i
CVE-2016-10544 (EPSS 1.3%): uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a
CVE-2018-16485 (EPSS 1.3%): Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tre
CVE-2018-3718 (EPSS 1.3%): serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.
CVE-2018-3717 (EPSS 1.3%): connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.j
CVE-2016-10535 (EPSS 1.3%): csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string compar
CVE-2016-10530 (EPSS 1.3%): The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain sec
CVE-2014-10064 (EPSS 1.3%): The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply ne
CVE-2017-16081 (EPSS 1.3%): cross-env.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVE-2017-16051 (EPSS 1.3%): `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVE-2016-10553 (EPSS 1.3%): sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server i
CVE-2017-16047 (EPSS 1.3%): mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVE-2018-3776 (EPSS 1.3%): Improper input validator in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker's actions not being logged in the audit lo
CVE-2017-16077 (EPSS 1.2%): mongose was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.
CVE-2016-10543 (EPSS 1.2%): call is an HTTP router that is primarily used by the hapi framework. There exists a bug in call versions 2.0.1-3.0.1 that does not validate
CVE-2018-3775 (EPSS 1.2%): Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 F
CVE-2017-0930 (EPSS 1.2%): augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read co
CVE-2017-16136 (EPSS 1.2%): method-override is a module used by the Express.js framework to let you use HTTP verbs such as PUT or DELETE in places where the client does
CVE-2016-10548 (EPSS 1.2%): Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) poss