Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / npm

npm

3,968 tracked vulnerabilities.

CVE-2026-22170 MEDIUM

OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration

CVE-2026-22169 MEDIUM

OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins

CVE-2026-22168 MEDIUM

OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run

CVE-2026-29057 MEDIUM

Next.js: HTTP request smuggling in rewrites

CVE-2026-27980 HIGH

Next.js: Unbounded next/image disk cache growth can exhaust storage

CVE-2026-27979 HIGH

Next.js 16.0.1-16.1.6 - Postponed Resume Buffering Denial of Service

CVE-2026-27978 MEDIUM

Next.js: null origin can bypass Server Actions CSRF checks

CVE-2026-27977 MEDIUM

Next.js: null origin can bypass dev HMR websocket CSRF checks

CVE-2026-4258 HIGH

sjcl - Improper Verification of Cryptographic Signature

CVE-2026-32774 MEDIUM

Vulnogram - Stored Cross-Site Scripting via Comment Hypertext

CVE-2026-32630 MEDIUM

file-type affected by ZIP Decompression Bomb DoS via [Content_Types].xml entry

CVE-2026-32594 HIGH

Parse Server GraphQL WebSocket endpoint bypasses security middleware

CVE-2026-32598 MEDIUM

OneUptime <10.0.24 - Info Disclosure

CVE-2026-32308 HIGH

OneUptime < 10.0.23 - Stored Cross-Site Scripting via Mermaid Diagram Click Directive

CVE-2026-32306 CRITICAL

OneUptime < 10.0.23 - Authenticated SQL Injection via Telemetry API Parameters

CVE-2026-32304 CRITICAL

locutus < 3.0.14 - Remote Code Execution via create_function

CVE-2026-32302 HIGH

OpenClaw < 2026.3.11 - Unauthenticated Privilege Escalation via WebSocket Origin Validation Bypass

CVE-2026-31882 HIGH

dagu < 2.2.4 - Unauthenticated Information Disclosure via Server-Sent Events Endpoints

CVE-2026-2581 MEDIUM

Undici 6.24.0-7.23.9 - Denial of Service via Deduplication Interceptor Memory Accumulation

CVE-2026-2229 HIGH

undici < 6.24.0 and 7.0.0-7.24.0 - Denial of Service via Invalid server_max_window_bits Parameter

CVE-2026-1528 HIGH

undici 6.0.0-6.23.9 7.0.0-7.23.9 - Denial of Service via WebSocket Frame Length Overflow

CVE-2026-1527 MEDIUM

undici < 6.24.0 and 7.0.0-7.23.9 - HTTP Request Smuggling via CRLF Injection in Upgrade Header

CVE-2026-1526 HIGH

undici < 6.24.0 and 7.0.0-7.24.0 - Denial of Service via PerMessageDeflate Decompression Bomb

CVE-2026-32269 MEDIUM

Parse Server <9.6.0-alpha.13/8.6.39 - Auth Bypass

CVE-2026-32248 CRITICAL

Parse Server <9.6.0-alpha.12/8.6.38 - Auth Bypass

Previous Page 29 of 159 Next

Products

openclaw 393 parse-server 92 n8n 62 directus 53 electron 48 flowise 48 next 47 vm2 32 hono 25 nocodb 25 axios 24 undici 22 ghost 21 vite 19 astro 17 ckeditor4 15 fuxa-server 15 jspdf 15 tar 15 joplin 14 nodebb 14 sequelize 14 tinymce 14 flowise-components 13 signalk-server 13 angular 12 dompurify 12 handlebars 12 jsrsasign 12 matrix-js-sdk 12

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy