
4389 matches found

Debian CVE
added 2026/02/25 2:58 p.m. | 4 views

CVE-2026-27699

The basic-ftp FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing path traversal sequences (../) that cause files to be written outside the...

9.8 CVSS | 8.3 AI score | 0.00528 EPSS
Exploits: 2

Packet Storm
added 2026/02/23 12:0 a.m. | 127 views

📄 Termius 9.9.0 Remote Code Execution

This Metasploit module demonstrates a remote code execution vulnerability in the Termius Electron application caused by an exposed symbol in the global JavaScript Symbol Registry. By accessing a shared Symbol.for key that unintentionally references preloaded Node.js modules, attacker-controlled...

6.8 AI score
Exploits: 0

Cvelist
added 2026/02/21 10:16 a.m. | 24 views

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

4.7 CVSS | 0.00166 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/21 10:16 a.m. | 2 views

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

4.7 CVSS | 5.3 AI score | 0.00166 EPSS
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/21 12:0 a.m. | 6 views

PT-2026-21375

Name of the Vulnerable Software and Affected Versions: OneUptime versions 9.5.13 and below. Description: OneUptime is a solution for monitoring and managing online services. The custom JavaScript monitor feature utilizes Node.js's node:vm module, which is explicitly documented as not being a securit...

9.9 CVSS | 5.5 AI score | 0.00504 EPSS
Exploits: 2 | References: 20

Tenable Nessus
added 2026/02/20 12:0 a.m. | 5 views

MiracleLinux 9 : nodejs:24 (AXSA:2026-209:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-209:01 advisory. nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132); nodejs: Nodejs denial of service (CVE-2026-21637); nodejs: Nodejs denial of service...

9.1 CVSS | 6.9 AI score | 0.01056 EPSS
Exploits: 2 | References: 7

Tenable Nessus
added 2026/02/20 12:0 a.m. | 5 views

MiracleLinux 9 : nodejs:22 (AXSA:2026-212:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-212:01 advisory. nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132); nodejs: Nodejs denial of service (CVE-2026-21637); nodejs: Nodejs denial of service...

9.1 CVSS | 6.9 AI score | 0.01056 EPSS
Exploits: 2 | References: 7

OSV
added 2026/02/19 8:31 p.m. | 5 views

GHSA-HMH4-3XVX-Q5HR Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Summary: A command injection vulnerability exists in Deno's node:child_process implementation. Reproduction (javascript): import spawnSync from "node:child_process"; import as fs from "node:fs"; // Cleanup try fs.unlinkSync'/tmp/rceproof'; catch // Create legitimate script...

8.1 CVSS | 5.8 AI score | 0.02213 EPSS
Exploits: 1 | References: 5

OSV
added 2026/02/19 8:25 p.m. | 5 views

DEBIAN-CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

7.8 CVSS | 6.2 AI score | 0.01107 EPSS
Exploits: 1 | References: 1

OSV
added 2026/02/19 8:25 p.m. | 3 views

UBUNTU-CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4 CVSS | 6.2 AI score | 0.01107 EPSS
Exploits: 1 | References: 2

Debian CVE
added 2026/02/19 7:43 p.m. | 8 views

CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4 CVSS | 6.2 AI score | 0.01107 EPSS
Exploits: 1

OSV
added 2026/02/19 7:43 p.m. | 5 views

CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4 CVSS | 6.4 AI score | 0.01107 EPSS
Exploits: 1 | References: 4

OSV
added 2026/02/19 10:26 a.m. | 4 views

RHSA-2026:2899 Red Hat Security Advisory: nodejs22 security update

Bulletin has no description...

7.5 CVSS | 5.1 AI score | 0.01056 EPSS
Exploits: 2 | References: 24

OSV
added 2026/02/19 12:58 a.m. | 6 views

CLEANSTART-2026-LN12820 vulnerability has been identified in Node

Multiple security vulnerabilities affect the nodejs package. A vulnerability has been identified in Node. See references for individual vulnerability details...

9.8 CVSS | 7.5 AI score | 0.99999 EPSS
Exploits: 47 | References: 121

Tenable Nessus
added 2026/02/19 12:0 a.m. | 6 views

Oracle Linux 9 : nodejs:20 (ELSA-2026-2783)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2783 advisory. - Resolves: CVE-2022-25883 - Resolves: CVE-2021-35065 - Rebase to 2.0.20 Resolves: CVE-2022-3517 - Resolves CVE-2020-28469 Tenable has extracted the...

9.1 CVSS | 6.9 AI score | 0.04456 EPSS
Exploits: 5 | References: 7

Tenable Nessus
added 2026/02/19 12:0 a.m. | 7 views

SUSE SLES16 Security Update : nodejs22 (SUSE-SU-2026:20436-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:20436-1 advisory. Update to 22.22.0: - CVE-2025-55130: file system permissions bypass via crafted symlinks bsc1256569. - CVE-2025-55131: timeout-bas...

9.1 CVSS | 6.9 AI score | 0.01056 EPSS
Exploits: 2 | References: 22

Tenable Nessus
added 2026/02/19 12:0 a.m. | 3 views

AlmaLinux 9 : nodejs:24 (ALSA-2026:2781)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2781 advisory. nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132); nodejs: Nodejs denial of service (CVE-2026-21637); nodejs: Nodejs denial of service (CVE-2025-5946...

9.1 CVSS | 6.9 AI score | 0.01056 EPSS
Exploits: 2 | References: 8

Tenable Nessus
added 2026/02/19 12:0 a.m. | 5 views

Oracle Linux 9 : nodejs:22 (ELSA-2026-2782)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2782 advisory. - Resolves: CVE-2022-25883 - Resolves: CVE-2021-35065 - Rebase to 2.0.20 Resolves: CVE-2022-3517 - Resolves CVE-2020-28469 Tenable has extracted the...

9.1 CVSS | 6.9 AI score | 0.04456 EPSS
Exploits: 5 | References: 7

OSV
added 2026/02/18 10:11 a.m. | 3 views

RHSA-2026:2864 Red Hat Security Advisory: nodejs:22 security update

Bulletin has no description...

7.5 CVSS | 5.1 AI score | 0.01056 EPSS
Exploits: 2 | References: 24

OSV
added 2026/02/18 10:10 a.m. | 4 views

RHSA-2026:2782 Red Hat Security Advisory: nodejs:22 security update

Bulletin has no description...

7.5 CVSS | 5.1 AI score | 0.01056 EPSS
Exploits: 2 | References: 28