7263 matches found
Emoji for NodeBB security vulnerability
Emoji for NodeBB is an emoji plugin developed by NodeBB. Version 3.2.1 of Emoji for NodeBB contains a security vulnerability. This vulnerability stems from the possibility of arbitrary file writing through the emoji upload API, which could lead to overwriting system files...
ALPINE-CVE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
CVE-2025-55130
The CVE-2025-55130 entry describes a path traversal bypass in Node.js permission model: crafted relative symlink paths can cause reads/writes outside the allowed directory when --allow-fs-read/--allow-fs-write checks pass, enabling read/write of sensitive files and potential system compromise. Af...
UBUNTU-CVE-2026-23950
node-tar,a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in the path-reservations system. On case-insensitive or normalization-insensitive filesystems such as macOS APFS, In which it has...
Node.js security vulnerabilities
Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20, 22, 24, and 25 of Node.js contain security vulnerabilities. These vulnerabilities stem from flaws in the permission model, which could allow attackers to bypass file system...
MiracleLinux 7 : gzip-1.5-11.el7 (AXSA:2022-3181:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3181:02 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : dotnet8.0-8.0.100-2.el9_3.ML.1 (AXSA:2024-7409:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7409:03 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...
MiracleLinux 7 : xz-5.2.2-2.el7 (AXSA:2022-3278:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3278:01 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : gzip-1.10-9.el9 (AXSA:2022-3914:03)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3914:03 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : xz-5.2.5-8.el9 (AXSA:2022-3977:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3977:03 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : dotnet6.0-6.0.125-1.el9_3.ML.1 (AXSA:2023-7090:29)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7090:29 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...
MiracleLinux 9 : sudo-1.9.5p2-7.el9.1 (AXSA:2023-4872:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4872:03 advisory. sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : sudo-1.8.29-8.el8.1 (AXSA:2023-4844:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4844:01 advisory. sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : rsync-3.2.3-9.el9.2 (AXSA:2022-4046:07)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4046:07 advisory. rsync: remote arbitrary files write inside the directories of connecting peers CVE-2022-29154 Tenable has extracted the preceding description block directly...
MiracleLinux 8 : xz-5.2.4-4.el8 (AXSA:2022-3662:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3662:02 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 8 : libreoffice-6.4.7.2-15.el8.ML.1 (AXSA:2023-7259:06)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7259:06 advisory. libreoffice: Empty entry in Java class path CVE-2022-38745 libreoffice: Array index underflow in Calc formula parsing CVE-2023-0950 libreoffice:...
MiracleLinux 8 : gzip-1.9-13.el8 (AXSA:2022-3155:01)
The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3155:01 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...
MiracleLinux 9 : dotnet7.0-7.0.114-1.el9_3.ML.1 (AXSA:2023-7071:33)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-7071:33 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...
MiracleLinux 7 : sudo-1.8.23-10.el7.3 (AXSA:2023-4846:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4846:02 advisory. sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809 Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : rh-nodejs12-nodejs-12.16.1-1.el7 (AXSA:2020-4480:02)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4480:02 advisory. nodejs: HTTP request smuggling using malformed Transfer-Encoding header CVE-2019-15605 nodejs: Remotely trigger an assertion on a TLS server with a...