Lucene search
K

2999 matches found

osv
osv
added 2026/06/29 5:48 a.m.6 views

BIT-NODE-MIN-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.6AI score0.00154EPSS
Exploits0References2
osv
osv
added 2026/06/29 5:48 a.m.4 views

BIT-NODE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS7.1AI score0.00154EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/26 10:40 p.m.10 views

CVE-2026-48935

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Mitigation Mitigation for this issue is either not...

3.3CVSS5.6AI score0.00154EPSS
Exploits0References4
osv
osv
added 2026/06/26 2:16 a.m.8 views

ALPINE-CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS5.8AI score0.00154EPSS
Exploits0References1
nvd
nvd
added 2026/06/26 2:16 a.m.11 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 1:14 a.m.42 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
cve
cve
added 2026/06/26 1:14 a.m.27 views

CVE-2026-48935

A vulnerability (CVE-2026-48935) in Node.js Permission API can bypass read‑only restrictions via FileHandle.utimes() in the promises API, allowing metadata modification on a read‑only path. Affected releases include Node.js 22, 24, and 26. The issue is addressed in the openSUSE/SUSE patch for nod...

3.3CVSS6.6AI score0.00154EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/06/26 1:14 a.m.7 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0References2Affected Software1
euvd
euvd
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39608

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.2AI score0.00154EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/26 1:14 a.m.10 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/06/26 1:14 a.m.8 views

CVE-2026-48935

A flaw in Node.js Permission API can cause a file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.3CVSS6.6AI score0.00154EPSS
Exploits0
osv
osv
added 2026/06/25 6:43 p.m.6 views

GO-2026-5392 BoxLite: Permission Bypass Allows Modification of Read-Only Files in github.com/boxlite-ai/boxlite/sdks/go

BoxLite: Permission Bypass Allows Modification of Read-Only Files in github.com/boxlite-ai/boxlite/sdks/go...

10CVSS5.8AI score0.00289EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/24 8:45 p.m.8 views

CVE-2026-52944

A flaw was found in the Linux kernel's ksmbd component. This vulnerability allows a client to bypass intended permission restrictions by using the FSCTLSETSPARSE operation. Specifically, a client on a read-only share can modify a file's sparse attribute, and clients on writable shares can modify...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/24 8:30 p.m.26 views

CVE-2026-52810 Gogs: Write to readonly repositories using receive-pack + service=git-upload-pack confusion

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS0.00427EPSS
Exploits0References4
cve
cve
added 2026/06/24 8:30 p.m.11 views

CVE-2026-52810

CVE-2026-52810 affects Gogs (Git self-hosted) where the authorization policy is derived from the client-supplied service parameter (e.g., service=git-upload-pack) instead of the actual RPC path. Consequently, requests to the write endpoint /repo.git/git-receive-pack can be treated as read, while ...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References4
euvd
euvd
added 2026/06/24 4:30 p.m.5 views

EUVD-2026-38928

In the Linux kernel, the following vulnerability has been resolved: dm cache metadata: fix memory leak on metadata abort retry When failing to acquire the rootlock in dmcachemetadataabort because the blockmanager is read-only, the temporary blockmanager created outside the rootlock is not properl...

5.7AI score0.00184EPSS
Exploits0References8
astralinux
astralinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Rejects new transactions if the file system is fully read-only. BUG There is a bug report where a heavily fuzzed file system is mounted with all rescue mount options. This leads to the following warnings during unmount:...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: smb/client: fixed a memory leak in smb2openfile Reproducing steps: 1. Server: Directories are exported as read-only. 2. Client: mount -t cifs //$serverip/export /mnt. 3. Client: dd if=/dev/zero of=/mnt/file bs=512 count=1000...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: NFS: Automounted file systems should inherit the “ro”, “noexec”, “nodev”, and “sync” flags. When a file system is automatically mounted, it needs to preserve the user-set superblock mount options, such as the “ro” flag...

6AI score0.00165EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the bpfxdpstorebytes proto for read-only arguments. While making some maps in Cilium read-only from the BPF side, we noticed that the bpfxdpstorebytes proto is incorrect. In particular, the verifier threw the following...

5.5CVSS6.2AI score0.0016EPSS
Exploits0References2
Rows per page
Query Builder