Astra Linux - уязвимость в chromium

Inappropriate implementation in the FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page. Chromium security severity: Low...

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

RLSA-2026:7675 Important: nodejs24 security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

nodejs:24 security update

An update is available for nodejs, module.nodejs-packaging, nodejs-packaging, module.nodejs, nodejs-nodemon, module.nodejs-nodemon. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

AlmaLinux 9 : nodejs:24 (ALSA-2026:2781)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2781 advisory. nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service CVE-2025-5946...

RHEL 9 : nodejs:22 (RHSA-2026:2782)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:2782 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

RLSA-2026:2420 Important: nodejs:24 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: Nodejs filesystem permissions bypass CVE-2025-55132 nodejs: Nodejs denial of service CVE-2026-21637 nodejs: Nodejs denial of service...

GHSA-G4JQ-H2W9-997C Vite middleware may serve files starting with the same name with the public directory

Summary Files starting with the same name with the public directory were served bypassing the server.fs settings. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - uses the public...

CVE-2025-58751

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

CVE-2025-58751 Vite middleware may serve files starting with the same name with the public directory

Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...

Vite 访问控制错误漏洞

Vite is a new front-end build tool from Vite Open Source. An access control error vulnerability exists in Vite versions prior to 7.1.5, 7.0.7, 6.3.6, and 5.4.20, which stems from file access that bypasses the server.fs setting...

Rocky Linux 8 : nodejs:20 (RLSA-2024:1687)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:1687 advisory. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For exampl...

CVE-2024-23331 Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem

Vite is a frontend tooling framework for javascript. The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area...

PT-2024-19813 · Vite · Vite

Name of the Vulnerable Software and Affected Versions: Vite versions prior to 2.9.17 Vite versions prior to 3.2.8 Vite versions prior to 4.5.2 Vite versions prior to 5.0.12 Description: The Vite dev server option server.fs.deny can be bypassed on case-insensitive file systems using case-augmented...

Input validation

An improper validation of integrity check value vulnerability CWE-354 in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges...

CVE-2023-28002

An improper validation of integrity check value vulnerability CWE-354 in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesyst...

UBUNTU-CVE-2022-4187

Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. Chromium security severity: Medium...

Design/Logic Flaw

Inappropriate implementation in filesystem in Google Chrome on ChromeOS prior to 87.0.4280.66 allowed a remote attacker who had compromised the browser process to bypass noexec restrictions via a malicious file...

CVE-2014-3519

The openbyhandleat function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAPDACREADSEARCH capability to bypass an intended container protection mechanism and access arbitrary files on a filesystem...