CVE Tools

hackerone

OSS LibrariesUScommercial

366

Cumulative CVEs

5

Monthly snapshots

#2

Peak rank

Top products

m-server2 express-cart1 airmax, edgemax1

Latest CVEs

The 15 most recently published vulnerabilities affecting hackerone.

CVE-2017-0938Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks.7.5Feb 12, 2019
CVE-2018-16493A path traversal vulnerability was found in module static-resource-server 1.7.2 that allows unauthorized read access to any file on the server by appending slashes in the URL.7.5Feb 1, 2019
CVE-2018-16492A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.9.8Feb 1, 2019
CVE-2018-16491A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.9.8Feb 1, 2019
CVE-2018-16490A prototype pollution vulnerability was found in module mpath <0.5.1 that allows an attacker to inject arbitrary properties onto Object.prototype.7.5Feb 1, 2019
CVE-2018-16489A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.9.8Feb 1, 2019
CVE-2018-16487A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.5.6Feb 1, 2019
CVE-2018-16486A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.9.8Feb 1, 2019
CVE-2018-16485Path Traversal vulnerability in module m-server <1.4.1 allows malicious user to access unauthorized content of any file in the directory tree e.g. /etc/passwd by appending slashes to the URL request.6.5Feb 1, 2019
CVE-2018-16484A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.5.4Feb 1, 2019
CVE-2018-16483A deficiency in the access control in module express-cart <=1.1.5 allows unprivileged users to add new users to the application as administrators.8.8Feb 1, 2019
CVE-2018-16482A server directory traversal vulnerability was found on node module mcstatic <=0.0.20 that would allow an attack to access sensitive information in the file system by appending slashes in the URL p...7.5Feb 1, 2019
CVE-2018-16481A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.6.1Feb 1, 2019
CVE-2018-16480A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.6.1Feb 1, 2019
CVE-2018-16479Path traversal vulnerability in http-live-simulator <1.0.7 causes unauthorized access to arbitrary files on disk by appending extra slashes after the URL.7.5Feb 1, 2019