Lucene search
K

396 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-22660

FlaskBB through 2.2.0, fixed in commit a5da9a5, contains a logic flaw vulnerability that allows authenticated administrators to delete all built-in authorization groups by exploiting a type mismatch in the bulk delete protection check. The bulk AJAX endpoint in the management views compares...

8.6CVSS0.00328EPSS
Exploits0References3
CVE
CVE
added 3 days ago7 views

CVE-2026-22660

FlaskBB

8.6CVSS6AI score0.00328EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:50 p.m.4 views

BIT-NODE-MIN-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.8AI score0.00208EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 2:50 p.m.5 views

BIT-NODE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.9AI score0.00208EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.14 views

SUSE CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

2.9CVSS5.9AI score0.00208EPSS
Exploits0References7
OSV
OSV
added 2026/06/18 5:16 p.m.4 views

ALPINE-CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.9AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.11 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS0.00208EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 5:16 p.m.6 views

UBUNTU-CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS6.2AI score0.00208EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:21 p.m.7 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/18 4:21 p.m.11 views

EUVD-2026-37914

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 4:21 p.m.43 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS0.00208EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/18 4:21 p.m.8 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.6AI score0.00208EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/18 4:21 p.m.5 views

CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS5.8AI score0.00208EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.13 views

PT-2026-50702

Name of the Vulnerable Software and Affected Versions Node.js version 22 Node.js version 24 Node.js version 26 Description A flaw in the Permission Model enforcement allows a bypass through path misvalidation in the process.report.writeReport function. This issue can result in a confidentiality...

1.8CVSS5.8AI score0.00208EPSS
Exploits0References108
Hacker One
Hacker One
added 2026/04/24 8:43 a.m.12 views

Node.js: Permission Model Bypass via `process.report.writeReport()` Path Misvalidation

A flaw was discovered in the Node.js permission model that allowed bypassing of security controls via the process.report.writeReport path misvalidation...

1.8CVSS5.3AI score0.00208EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.5 views

Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...

3.3CVSS6.3AI score0.00158EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2026/04/08 6:38 p.m.12 views

K000160680: Node.js vulnerability CVE-2026-21636

Security Advisory Description A flaw in Node.js's permission model allows Unix Domain Socket UDS connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets...

10CVSS6.1AI score0.00663EPSS
Exploits1
OSV
OSV
added 2026/04/06 7:58 a.m.4 views

BIT-NODE-MIN-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

3.3CVSS6AI score0.00159EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 7:58 a.m.4 views

BIT-NODE-MIN-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS6.3AI score0.00158EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 7:58 a.m.2 views

BIT-NODE-MIN-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

5.3CVSS6.5AI score0.00146EPSS
Exploits0References2
Rows per page
Query Builder