Lucene search
K

268 matches found

RedhatCVE
RedhatCVE
added last week9 views

CVE-2026-48935

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Mitigation Mitigation for this issue is either not...

3.3CVSS5.6AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/26 1:14 a.m.8 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 1:14 a.m.39 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.7 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/26 1:14 a.m.20 views

CVE-2026-48935

A vulnerability (CVE-2026-48935) in Node.js Permission API can bypass read‑only restrictions via FileHandle.utimes() in the promises API, allowing metadata modification on a read‑only path. Affected releases include Node.js 22, 24, and 26. The issue is addressed in the openSUSE/SUSE patch for nod...

3.3CVSS6.6AI score0.00154EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39608

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.2AI score0.00154EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/12 7:8 p.m.10 views

TYPO3 CMS has Broken Access Control in Backend API

Problem Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LT...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References7Affected Software2
EUVD
EUVD
added 2026/06/12 7:8 p.m.12 views

EUVD-2026-35399

TYPO3 CMS has Broken Access Control in Backend API...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References6
OSV
OSV
added 2026/06/12 7:8 p.m.8 views

GHSA-2J54-93Q2-3HJQ TYPO3 CMS has Broken Access Control in Backend API

Problem Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. Solution Update to TYPO3 versions 10.4.57 ELTS, 11.5.51 ELTS, 12.4.46 ELTS, 13.4.31 LT...

5.3CVSS5.3AI score0.00238EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/10 3:0 p.m.11 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 11:16 a.m.11 views

CVE-2026-47352

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3CVSS0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:53 a.m.33 views

CVE-2026-47352 TYPO3 CMS - Broken Access Control in Backend API

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 10:53 a.m.22 views

CVE-2026-47352

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-47352 for affected TYPO3 versions and remediation.

5.3CVSS5.5AI score0.00238EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 10:53 a.m.8 views

CVE-2026-47352 TYPO3 CMS - Broken Access Control in Backend API

Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storages. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46,...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.9 views

TYPO3 CMS 安全漏洞

TYPO3 CMS is a content management system developed under the TYPO3 open source framework. There is a security vulnerability in TYPO3 CMS. This vulnerability allows authenticated backend users to retrieve file metadata through multiple backend API routes, without proper permission checks. As a...

5.3CVSS5.3AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47745

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description Authenticated backend users...

5.3CVSS5.2AI score0.00238EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.6AI score0.003EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 a.m.12 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS0.003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:26 a.m.6 views

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

7.5CVSS5.9AI score0.003EPSS
Exploits0References5
Rows per page
Query Builder