Lucene search
+L

3781 matches found

Cisco
Cisco
added 2026/04/15 4:0 p.m.16 views

Cisco ThousandEyes Enterprise Agent Arbitrary File Overwrite Vulnerability

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are on the local file syst...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/04/15 2:46 p.m.5 views

Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS5.8AI score0.26356EPSS
Exploits0References28
OSV
OSV
added 2026/04/15 2:16 p.m.4 views

SUSE-SU-2026:1363-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to version 20.20.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS6.9AI score0.26356EPSS
Exploits0References15
SUSE Linux
SUSE Linux
added 2026/04/13 3:54 p.m.6 views

Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to 24.14.1 CVE-2026-21637: synchronous exceptions thrown during certain callbacks bypass the standard TLS error handling paths and can cause a denial of service bsc1256576. CVE-2026-21710: uncaught TypeError exception can cause a denial ...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References36
OSV
OSV
added 2026/04/13 12:29 p.m.3 views

OPENSUSE-SU-2026:20519-1 Security update for nodejs24

This update for nodejs24 fixes the following issues: Update to version 24.14.1. Security issues fixed: - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716:...

7.5CVSS6.8AI score0.26356EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.13 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.2AI score0.00159EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/13 2:27 a.m.5 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.2AI score0.00159EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/11 1:51 a.m.2 views

nodejs: Nodejs filesystem permissions bypass

A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via futimes even when the process has only read permissions. Unlike utimes, futimes does not apply the expected write-permission checks, which means file metadata can be modified in read-on...

5.3CVSS6.6AI score0.00227EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/10 4:3 p.m.2 views

nodejs: Nodejs file permissions bypass

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS7.1AI score0.01633EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2026/04/10 2:47 p.m.2 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.7AI score0.00159EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/10 4:22 a.m.2 views

CVE-2026-4482 Insight Agent Private Key Information Disclosure via Inherited File Permissions

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

6.8CVSS5.9AI score0.00075EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 4:22 a.m.28 views

CVE-2026-4482 Insight Agent Private Key Information Disclosure via Inherited File Permissions

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

6.8CVSS0.00075EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.11 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.3AI score0.00159EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.8 views

RHEL 9 : nodejs:24 (RHSA-2026:7350)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7350 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS7.3AI score0.26356EPSS
Exploits1References38
Cvelist
Cvelist
added 2026/04/08 1:55 p.m.36 views

CVE-2025-57854 Osus-operator: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain OpenShift Update Service OSUS images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, ev...

6.4CVSS0.00145EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/08 1:55 p.m.12 views

CVE-2025-57853

A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

6.4CVSS6.1AI score0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 1:6 a.m.4 views

CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the ATSYMLINKNOFOLLOW flag, which Root.Chmod uses to...

5.8AI score0.00292EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/04 5:35 a.m.7 views

Insecure File Permissions

Claude SDK for Python is vulnerable to insecure file permissions. The vulnerability is due to the memory tool creating files with mode 0o666, where the files are world‑readable on systems with a standard umask and world‑writable in environments with a permissive umask, and a local attacker on a...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/02 8:24 a.m.2 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.7AI score0.00159EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/01 9:15 p.m.11 views

EUVD-2026-17677

Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References4
Rows per page
Query Builder