Node.js库曝高危漏洞:开发者必读的安全警示

近日,Node.js生态系统中的一个重要库——Systeminformation,曝出了一项严重的安全漏洞,编号为CVE-2025-68154。这一漏洞的存在,给Windows用户带来了远程代码执行的风险,攻击者可以利用这一漏洞在受影响的计算机上运行恶意代码,造成系统的潜在威胁。 Systeminformation库广泛应用于开发者收集计算机系统信息,包括磁盘空间、内存使用和正在运行的进程等。这一 ...

React/Next.js 曝满分RCE漏洞,无需认证即可远程代码执行

近期,聚铭安全攻防实验室监测发现了一项与React Server Components相关的远程代码执行漏洞, 该漏洞已被披露,编号为 CVE-2025-55182,CVSS 评分为 10.0 。 该漏洞主要波及react-server-dom-webpack的Server Actions功能。由于在处理客户端提交的表单数据时,系统未能实施充分的安全性校验,导致攻击者能够通过精心设计的恶意表单请求 ...
腾讯网

朝鲜关联黑客组织利用React2Shell漏洞部署新型EtherRAT恶意软件

EtherRAT与C2服务器建立联系后,会进入每500毫秒执行一次的轮询循环,将任何超过10个字符的响应解释为要在受感染机器上运行的JavaScript代码。该恶意软件通过五种不同方法实现持久化: ...
InfoWorld

10 JavaScript concepts you need to succeed with Node

Even with competition from newer runtimes Deno and Bun, Node.js remains the flagship JavaScript platform on the server. Server-side Node frameworks like Express, build-chain tools like Webpack, and a ...
TheServerSide

Node.js file upload example with Ajax and JavaScript

Community driven content discussing all aspects of software development from DevOps to design patterns. The art of the file upload is not elegantly addressed in languages such as Java and Python. But ...

New managed web hosting service brings flat-rate node.js pricing

Support rolled out for up to 10 node.js web apps on Cloud Startup plans in early December and then up to 5 node.js web apps on the Business hosting plan. To host an app you can manually upload files ...
InfoWorld

Intro to multithreaded JavaScript

Escape the single-threaded event loop in browsers and on the server. Here's how to use worker threads and web workers for modern multithreading in JavaScript. The JavaScript language is one of the ...