Lucene search
K

11 matches found

IBM Security Bulletins
IBM Security Bulletins
β€’added 2025/09/30 3:23 p.m.β€’5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') due to Node.js ( CVE-2025-27210 )

Summary IBM App Connect Enterprise is vulnerable to Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' due to Node.js . Vulnerability Details CVEID:CVE-2025-27210 DESCRIPTION: An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting...

7.5CVSS6.5AI score0.09752EPSS
Exploits5Affected Software1
Tenable Nessus
Tenable Nessus
β€’added 2025/07/24 12:0 a.m.β€’3 views

Photon OS 4.0: Nodejs PHSA-2025-4.0-0839

An update of the nodejs package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0839. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS7.8AI score0.09752EPSS
Exploits5References2
RedhatCVE
RedhatCVE
β€’added 2025/07/20 11:8 p.m.β€’30 views

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

7.5CVSS5.6AI score0.09752EPSS
Exploits5References1
NVD
NVD
β€’added 2025/07/18 11:15 p.m.β€’16 views

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

7.5CVSS0.09752EPSS
Exploits5References2
CVE
CVE
β€’added 2025/07/18 10:54 p.m.β€’61 views

CVE-2025-27210

Node.js on Windows is affected by a path.join handling vulnerability affecting drive names (CON, PRN, AUX). CVE-2025-27210 notes an incomplete fix for CVE-2025-23084, indicating Windows device-name handling was not treated as special, causing a path that should be relative to be interpreted with ...

7.5CVSS6.9AI score0.09752EPSS
Exploits5References2
Debian CVE
Debian CVE
β€’added 2025/07/18 10:54 p.m.β€’11 views

CVE-2025-27210

An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...

7.5CVSS7.6AI score0.09752EPSS
Exploits5
GithubExploit
GithubExploit
β€’added 2025/07/18 11:57 a.m.β€’528 views

Exploit for CVE-2025-27210

πŸ”“ CVE-2025-27210 – High-Severity Path Traversal in Node.js o...

7.5CVSS6.4AI score0.09752EPSS
Exploits5
Hacker One
Hacker One
β€’added 2025/07/16 11:13 a.m.β€’18 views

Node.js: Windows Device Names Still Allow Path Traversal in UNC Paths After CVE-2025-27210 Fix

Summary: I found that Windows device names CON, PRN, AUX, etc. can still be used for path traversal attacks when working with UNC network paths, even after the CVE-2025-27210 patch. So basically, the fix only covered regular paths but missed the UNC path scenario when using path.join Description:...

7.5CVSS7.4AI score0.09752EPSS
Exploits5
GithubExploit
GithubExploit
β€’added 2025/07/16 5:33 a.m.β€’666 views

Exploit for CVE-2025-27210

CVE-2025-27210NodeJSPathTraversalExploiter Proof of Conce...

7.5CVSS7.4AI score0.09752EPSS
Exploits5
Exploit DB
Exploit DB
β€’added 2025/07/16 12:0 a.m.β€’323 views

NodeJS 24.x - Path Traversal

Exploit Title : NodeJS 24.x - Path Traversal Exploit Author : Abdualhadi khalifa CVE : CVE-2025-27210 import argparse import requests import urllib.parse import json import sys def exploitpathtraversalprecisetargeturl: str, targetfile: str, method: str - dict: traversesequence = "..\" 6...

7.5CVSS5.7AI score0.09752EPSS
Exploits5
Packet Storm News
Packet Storm News
β€’added 2025/07/16 12:0 a.m.β€’3 views

NodeJS 24.x Path Traversal

Proof of concept exploit for CVE-2025-27210, a precise path traversal vulnerability affecting Node.js applications running on Microsoft Windows. This vulnerability leverages the specific way Windows handles reserved device file names e.g., AUX, CON, NUL when combined with directory traversal...

7.5CVSS7.5AI score0.09752EPSS
Exploits5
Rows per page
Query Builder