7 matches found

OSV
added 2026/04/06 7:58 a.m., 2 views

BIT-NODE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

CVSS 3.3, AI score 6.3, EPSS 0.00158
Exploits: 0, References: 2

Debian CVE
added 2026/03/30 7:7 p.m., 3 views

CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

CVSS 5.3, AI score 6.3, EPSS 0.00146
Exploits: 0

Tenable Nessus
added 2025/03/06 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2025-23083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also...

CVSS 7.7, AI score 6.9, EPSS 0.00399
Exploits: 0, References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-21890

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example:...

CVSS 6.5, AI score 6.6, EPSS 0.00945
Exploits: 0, References: 2

OSV
added 2024/12/16 1:59 p.m., 12 views

BIT-NODE-MIN-2023-30583

fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...

CVSS 7.5, AI score 6, EPSS 0.0062
Exploits: 0, References: 3

BDU FSTEC
added 2024/06/10 12:0 a.m., 2 views

The vulnerability of the Permission Model component of the Node.js software platform, which allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Permission Model component of the Node.js software platform is related to insufficient technical documentation. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVSS 5, AI score 6.6, EPSS 0.00945
Exploits: 0, References: 5, Affected Software: 2

Hacker One
added 2023/07/31 11:0 p.m., 32 views

Internet Bug Bounty: OpenSSL engines can be used to bypass and/or disable the Node.js permission model

Arbitrary OpenSSL engines could be loaded in Node.js 20, bypassing and disabling the permission model. This allowed for the execution of arbitrary code, unaffected by the permission model...

CVSS 7.5, AI score 7.4, EPSS 0.01157
Exploits: 0