CVSS: 7.7 • EPSS: 0% • CPEs: 3 • EXPL: 0

22 Jan 2025 — With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. • https://hackerone.com/reports/2575105 • CWE-284: Improper Access Control

CVSS: 10.0 • EPSS: 3% • CPEs: 1 • EXPL: 0

10 Apr 2024 — A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when specific conditions are satisfied. • https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jul 2020 — Data is truncated incorrectly when its length is greater than 255 bytes. • https://github.com/kelektiv/node.bcrypt.js/issues/776 • CWE-190: Integer Overflow or Wraparound • CWE-327: Use of a Broken or Risky Cryptographic Algorithm