10 matches found

RedhatCVE
added 2026/06/25 8:4 p.m., 4 views

CVE-2026-55388

A flaw was found in piscina, a Node.js worker pool implementation. This vulnerability allows an attacker to achieve arbitrary code execution by exploiting a prototype pollution issue. By manipulating the filename option, an attacker can cause their malicious code to be executed within the worker,...

CVSS 8.1 | AI score 6.4 | EPSS 0.00296
Exploits: 0 | References: 4
NVD
added 2026/06/22 6:16 p.m., 10 views

CVE-2026-55388

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When...

CVSS 8.1 | EPSS 0.00296
Exploits: 0 | References: 1
Cvelist
added 2026/06/22 4:50 p.m., 33 views

CVE-2026-55388 piscina: Prototype Pollution Gadget → RCE via inherited options.filename

piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run paths read the filename option via plain member access. Both reads fall through the prototype chain when the caller's options object doesn't have filename as an own property. When...

CVSS 8.1 | EPSS 0.00296
Exploits: 0 | References: 1
OSV
added 2026/06/18 1:5 p.m., 4 views

GHSA-X9G3-XRWR-CWFG piscina: Prototype Pollution Gadget → RCE via inherited options.filename

Summary: piscina's constructor and run paths read the filename option via plain member access: js // dist/index.js line 92 constructor const filename = options.filename ? 0, common1.maybeFileURLToPathoptions.filename : null; this.options = ...kDefaultOptions, ...options, filename, maxQueue: 0 ; //...

CVSS 8.1 | AI score 5.5 | EPSS 0.00296
Exploits: 0 | References: 2
OSV
added 2026/05/09 12:33 p.m., 18 views

OESA-2026-2276 python-python-multipart security update

A streaming multipart parser for Python. Security Fixes: Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options UPLOAD_DIR and UPLOAD_KEEP_FILENAME=True. An attacker can write uploaded...

CVSS 8.6 | AI score 6.9 | EPSS 0.02228
Exploits: 5 | References: 2
SUSE CVE
added 2023/02/15 3:30 a.m., 2 views

SUSE CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

CVSS 7.8 | AI score 7.1 | EPSS 0.00577
Exploits: 1 | References: 12
Vulnrichment
added 2022/12/20 12:0 a.m., 2 views

CVE-2022-4515

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system(3)...

AI score 7.7 | EPSS 0.00577
Exploits: 1 | References: 2
OSV
added 2021/02/26 10:15 p.m., 23 views

CVE-2021-26567

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options...

CVSS 7.8 | AI score 8.1
Exploits: 0 | References: 2
Cvelist
added 2021/02/26 9:45 p.m., 28 views

CVE-2021-26567

Stack-based buffer overflow vulnerability in frontend/main.c in faad2 before 2.2.7.1 allows local attackers to execute arbitrary code via filename and pathname options...

AI score 9.3 | EPSS 0.01129
Exploits: 0 | References: 2
Snyk
added 2016/12/06 12:0 a.m., 3 views

Cross-site Scripting (XSS)

Overview: ejs is a popular JavaScript templating engine. Affected versions of the package are vulnerable to Cross-site Scripting by letting the attacker under certain conditions control and override the filename option causing it to render the value as is, without escaping it. You can read more...

CVSS 5.9 | AI score 6.9
Exploits: 0 | References: 2