18 matches found

RedhatCVE
added 3 days ago, 6 views

CVE-2026-48936

A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the --allow-net permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or...

CVSS: 3.3, AI score: 5.6, EPSS: 0.00149
Exploits: 0, References: 4
CVE
added 3 days ago, 24 views

CVE-2026-48936

CVE-2026-48936: A flaw in the Node.js Permission API can cause a local server to start via a Unix domain socket without the --allow-net permission, affecting the Node.js 26 release line. Connected sources indicate this has been fixed in the nodejs26-26.3.1-1.1 package (openSUSE Tumbleweed) and re...

CVSS: 3.3, AI score: 6.6, EPSS: 0.00149
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 3 days ago, 37 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

CVSS: 3.3, EPSS: 0.00149
Exploits: 0, References: 1
Debian CVE
added 3 days ago, 8 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

CVSS: 3.3, AI score: 6.4, EPSS: 0.00149
Exploits: 0
GithubExploit
added 2026/04/27 7:48 p.m., 132 views

Exploit for Improper Access Control in Nodejs Node.Js

CVE-2026-21636 - Node.js Permission Model UDS/Network Bypass...

CVSS: 10, AI score: 6.6, EPSS: 0.00663
Exploits: 1
OSV
added 2026/04/06 7:58 a.m., 1 views

BIT-NODE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00146
Exploits: 0, References: 2
OSV
added 2026/03/30 8:16 p.m., 2 views

UBUNTU-CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00146
Exploits: 0, References: 3
ATTACKERKB
added 2026/03/30 7:7 p.m., 5 views

CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00146
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/03/30 7:7 p.m., 4 views

CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

CVSS: 5.3, AI score: 6.4, EPSS: 0.00146
Exploits: 0, References: 1
Debian CVE
added 2026/03/30 7:7 p.m., 3 views

CVE-2026-21711

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

CVSS: 5.3, AI score: 6.3, EPSS: 0.00146
Exploits: 0
Positive Technologies
added 2026/03/30 12:0 a.m., 5 views

PT-2026-29099

Name of the Vulnerable Software and Affected Versions: Node.js versions 25.x
Description: A flaw in the Node.js Permission Model’s network enforcement allows Unix Domain Socket (UDS) server operations to proceed without the necessary permission checks. All other network paths correctly enforce these...

CVSS: 5.3, AI score: 6.5, EPSS: 0.00146
Exploits: 0, References: 6
Hacker One
added 2026/02/17 8:39 p.m., 19 views

Node.js: Node.js Permission Model bypass: UDS server bind/listen works without `--allow-net`

Vulnerability description not provided...

CVSS: 5.3, AI score: 6.2, EPSS: 0.00146
Exploits: 0
OSV
added 2026/02/09 9:30 a.m., 3 views

GHSA-6FGP-M6Q4-J3Q5 MCP Run Python Deno Sandbox Misconfiguration Allows SSRF Attacks via Localhost Access

Impact: Server-Side Request Forgery (SSRF): A security vulnerability exists in the mcp-run-python tool specifically within the Pydantic-AI integration due to an overly permissive Deno sandbox configuration. The tool configures the Deno runtime—which is intended to isolate the execution of untrusted...

CVSS: 5.8, AI score: 6.2, EPSS: 0.00165
Exploits: 0, References: 3
NVD
added 2026/01/20 9:16 p.m., 7 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

CVSS: 10, EPSS: 0.00663
Exploits: 1, References: 1
CVE
added 2026/01/20 8:41 p.m., 25 views

CVE-2026-21636

CVE-2026-21636 describes a security flaw in Node.js’s Permissions model where Unix Domain Socket (UDS) connections can bypass network restrictions even when --allow-net is not enabled. Attacker-controlled inputs (e.g., URLs or socketPath) could reach arbitrary local sockets via net, tls, or undic...

CVSS: 10, AI score: 5.8, EPSS: 0.00663
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/01/20 8:41 p.m., 5 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

CVSS: 5.8, AI score: 5.8, EPSS: 0.00663
Exploits: 1, References: 1
ATTACKERKB
added 2026/01/20 8:41 p.m., 7 views

CVE-2026-21636

A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...

CVSS: 10, AI score: 5.7, EPSS: 0.00663
Exploits: 1, References: 2, Affected Software: 1
SUSE CVE
added 2023/06/02 2:29 a.m., 5 views

SUSE CVE-2023-33966

Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in node:http or node:https modules are incorrectly not checked against the network permission allow list (--allow-net). Dependencies relying on these built-in modules...

CVSS: 9.8, AI score: 6.9, EPSS: 0.00625
Exploits: 0, References: 3