32 matches found

Packet Storm
added 2026/01/23 12:0 a.m. | 136 views

NodeJS 24.x Path Traversal

NodeJS version 24.x precise Windows path traversal proof of concept exploit that leverages reserved device names.

CVSS 7.5 | AI score 5.4 | EPSS 0.09752
Exploits: 5

Veracode
added 2026/01/14 6:57 a.m. | 7 views

Arbitrary File Access

Werkzeug is vulnerable to Arbitrary File Access. The vulnerability is due to insufficient validation in the safe_join function on Windows, where path segments using reserved device names such as CON or AUX with extensions or trailing spaces are allowed, enabling attackers to access special device...

CVSS 6.3 | AI score 5.9 | EPSS 0.00424
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-49585

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.8 | EPSS 0.00903
Exploits: 0 | References: 4

Microsoft CVE
added 2025/09/04 7:55 a.m. | 5 views

Incorrect detection of reserved device names on Windows in path/filepath

...

CVSS 5.3 | AI score 9.3 | EPSS 0.00903
Exploits: 0

Packet Storm News
added 2025/07/16 12:0 a.m. | 2 views

NodeJS 24.x Path Traversal

Proof of concept exploit for CVE-2025-27210, a precise path traversal vulnerability affecting Node.js applications running on Microsoft Windows. This vulnerability leverages the specific way Windows handles reserved device file names (e.g., AUX, CON, NUL) when combined with directory traversal...

CVSS 7.5 | AI score 7.5 | EPSS 0.09752
Exploits: 5

RustSec
added 2024/05/22 12:0 p.m. | 6 views

Refs and paths with reserved Windows device names access the devices

Summary: On Windows, fetching refs that clash with legacy device names reads from the devices, and checking out paths that clash with such names writes arbitrary data to the devices. This allows a repository, when cloned, to cause indefinite blocking or the production of arbitrary message that...

CVSS 5.4 | AI score 7.1 | EPSS 0.00448
Exploits: 0 | Affected Software: 1

OSV
added 2024/03/06 10:52 a.m. | 28 views

BIT-GOLANG-2023-45284 Incorrect detection of reserved device names on Windows in path/filepath

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3 | AI score 6.1 | EPSS 0.00903
Exploits: 0 | References: 5

Tenable Nessus
added 2024/01/09 12:0 a.m. | 36 views

Amazon Linux 2 : golang (ALAS-2024-2388)

The version of golang installed on the remote host is prior to 1.20.12-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2388 advisory. A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many...

CVSS 7.5 | AI score 7.3 | EPSS 0.02758
Exploits: 0 | References: 8

Tenable Nessus
added 2023/12/21 12:0 a.m. | 36 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21-openssl (SUSE-SU-2023:4931-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4931-1 advisory. Update to version 1.21.5.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:...

CVSS 7.5 | AI score 6.8 | EPSS 0.01208
Exploits: 0 | References: 11

Tenable Nessus
added 2023/12/21 12:0 a.m. | 33 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20-openssl (SUSE-SU-2023:4930-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4930-1 advisory. Update to version 1.20.12.1: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses...

CVSS 7.5 | AI score 6.8 | EPSS 0.01208
Exploits: 0 | References: 11

Tenable Nessus
added 2023/12/12 12:0 a.m. | 28 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4708-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4708-1 advisory. Update to go1.20.12: - CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// sche...

CVSS 7.5 | AI score 6.8 | EPSS 0.01208
Exploits: 0 | References: 11

Tenable Nessus
added 2023/11/17 12:0 a.m. | 29 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:4470-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4470-1 advisory. go1.20.11 released 2023-11-07 includes security fixes to the path/filepath package, as well as b...

CVSS 7.5 | AI score 6.7 | EPSS 0.02758
Exploits: 0 | References: 8

Tenable Nessus
added 2023/11/17 12:0 a.m. | 31 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.21 (SUSE-SU-2023:4471-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4471-1 advisory. go1.21.4 released 2023-11-07 includes security fixes to the path/filepath package, as well as bu...

CVSS 7.5 | AI score 6.7 | EPSS 0.02758
Exploits: 0 | References: 8

NVD
added 2023/11/09 5:15 p.m. | 15 views

CVE-2023-45284

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3 | EPSS 0.00903
Exploits: 0 | References: 4

OSV
added 2023/11/09 5:15 p.m. | 25 views

CVE-2023-45284

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3 | AI score 5.2
Exploits: 0 | References: 4

OSV
added 2023/11/09 5:15 p.m. | 8 views

AZL-37425 CVE-2023-45284 affecting package golang for versions less than 1.21.6-1

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3 | AI score 7 | EPSS 0.00903
Exploits: 0 | References: 1

OSV
added 2023/11/09 5:15 p.m. | 9 views

AZL-78944 CVE-2023-45284 affecting package golang 1.25.7-1

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00903
Exploits: 0 | References: 1

UbuntuCve
added 2023/11/09 5:15 p.m. | 47 views

CVE-2023-45284

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3 | AI score 6.8 | EPSS 0.00903
Exploits: 0 | References: 5

Prion
added 2023/11/09 5:15 p.m. | 24 views

Code injection

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5 | AI score 7 | EPSS 0.00903
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/11/09 5:15 p.m. | 1 view

UBUNTU-CVE-2023-45284

On Windows, the IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports the...

CVSS 5.3 | AI score 6.9 | EPSS 0.00903
Exploits: 0 | References: 6