Lucene search
K

32 matches found

CVE
CVE
added 2026/06/09 8:46 a.m.34 views

CVE-2026-46748

CVE-2026-46748 affects SINEC INS (all versions

8.8CVSS5.5AI score0.00206EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/21 9:18 p.m.33 views

CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS0.00288EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/11 6:39 p.m.12 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7.2AI score0.00292EPSS
Exploits0References8
OSV
OSV
added 2026/05/07 12:55 a.m.14 views

GHSA-7V3R-M9C8-R855 Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/16 8:40 p.m.8 views

EUVD-2026-23275

Silverstripe Assets Module has a DBFile::getURL permission bypass...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/16 5:8 p.m.2 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/16 12:0 a.m.26 views

AlmaLinux 9 : nodejs:24 (ALSA-2026:7350)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:7350 advisory. nodejs: Nodejs denial of service CVE-2026-21637 brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion CVE-2026-25547...

9.8CVSS5.9AI score0.26356EPSS
Exploits1References20
Cisco
Cisco
added 2026/04/15 4:0 p.m.16 views

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.7 views

RHEL 9 : nodejs:24 (RHSA-2026:7350)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7350 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS7.3AI score0.26356EPSS
Exploits1References38
RedhatCVE
RedhatCVE
added 2026/03/31 10:11 p.m.5 views

CVE-2026-21716

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.8CVSS6.2AI score0.00159EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.6 views

MiracleLinux 9 : nodejs:24 (AXSA:2026-209:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-209:01 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

9.1CVSS6.9AI score0.03782EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/02/20 12:0 a.m.6 views

MiracleLinux 9 : nodejs:22 (AXSA:2026-212:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-212:01 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

9.1CVSS6.9AI score0.03782EPSS
Exploits2References7
OSV
OSV
added 2026/02/18 9:5 a.m.11 views

RLSA-2026:2781 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

7.5CVSS5.6AI score0.03782EPSS
Exploits2References7
Rockylinux
Rockylinux
added 2026/02/18 9:5 a.m.8 views

nodejs:24 security update

An update is available for nodejs, nodejs-nodemon, module.nodejs-packaging, nodejs-packaging, module.nodejs, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS6.6AI score0.03782EPSS
Exploits2
OSV
OSV
added 2026/02/18 9:5 a.m.6 views

RLSA-2026:2782 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

7.5CVSS5.6AI score0.03782EPSS
Exploits2References7
OSV
OSV
added 2026/02/18 9:5 a.m.7 views

RLSA-2026:2783 Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

7.5CVSS5.6AI score0.03782EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/02/18 12:0 a.m.5 views

RHEL 10 : nodejs22 (RHSA-2026:2899)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2899 advisory. Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an...

9.1CVSS5.8AI score0.03782EPSS
Exploits2References8
RedHat Linux
RedHat Linux
added 2026/02/17 1:5 a.m.12 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

9.1CVSS7.4AI score0.03782EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/02/17 12:0 a.m.4 views

RHEL 9 : nodejs:20 (RHSA-2026:2768)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2768 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.1CVSS5.7AI score0.03782EPSS
Exploits2References8
OSV
OSV
added 2026/02/15 8:45 a.m.5 views

SUSE-SU-2026:20436-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to 22.22.0: - CVE-2025-55130: file system permissions bypass via crafted symlinks bsc1256569. - CVE-2025-55131: timeout-based race conditions allow for allocations that contain leftover data from previous operations and lead to exposure ...

9.1CVSS7.1AI score0.03782EPSS
Exploits2References15
Rows per page
Query Builder