10 matches found

Positive Technologies
added 2026/03/10 12:0 a.m., 2 views

PT-2026-24182

Name of the Vulnerable Software and Affected Versions: LiquidJS versions prior to 10.25.0. Description: The layout, render, and include tags are susceptible to arbitrary file access through absolute paths. This can occur when paths are provided as string literals or through Liquid variables,...

8.7 CVSS, 5.9 AI score, 0.00021 EPSS
Exploits: 1, References: 7

IBM Security Bulletins
added 2025/10/31 11:17 a.m., 10 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality [CVE-2025-59343]

Summary: Node.js module tar-fs is used by IBM App Connect Enterprise Certified Container for processing tar files and streams. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported...

8.7 CVSS, 6.4 AI score, 0.00033 EPSS
Exploits: 0, Affected Software: 1

RedHat Linux
added 2025/10/22 1:21 p.m., 1 views

tar-fs: tar-fs symlink validation bypass

A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball...

8.7 CVSS, 7 AI score, 0.00033 EPSS
Exploits: 0, References: 6

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-4167

Malware in sbrugna...

10 CVSS, 9 AI score, 0.07064 EPSS
Exploits: 0, References: 4

Hacker One
added 2023/04/29 10:43 p.m., 34 views

Node.js: fs module's file watching is not restricted by --allow-fs-read

The fs module's file watching feature in Deno was not restricted by the --allow-fs-read flag, allowing attackers to watch files they did not have read access to...

5.3 CVSS, 5.8 AI score, 0.00098 EPSS
Exploits: 0

Tenable Nessus
added 2022/02/09 12:0 a.m., 36 views

Rocky Linux 8 : kernel-rt (RLSA-2021:4140)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4140 advisory. - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. CVE-2021-0129 - A...

7.8 CVSS, 6.5 AI score, 0.00161 EPSS
Exploits: 1, References: 50

Hacker One
added 2021/03/22 9:56 a.m., 30 views

Open-Xchange: Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt

0x01 Path Traversal in dict-fs module If we use fs to store dictionaries, when program get the value of key: static int fsdictlookupstruct dict dict, poolt pool, const char key, const char valuer, const char errorr struct fsdict dict = struct fsdict dict; struct fsfile file; struct istream input;...

2.1 CVSS, 1.8 AI score, 0.00762 EPSS
Exploits: 0

Prion
added 2020/02/11 12:15 p.m., 13 views

Code injection

Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archivename parameter to the Power FS module plugins/action.powerfs/class.PowerFSController.php, a (2) file name to the getTrustSizeOnFileSystem function in the File System Standard modu...

10 CVSS, 7.8 AI score, 0.07064 EPSS
Exploits: 0, References: 3, Affected Software: 1

Fedora
added 2016/04/06 2:13 p.m., 11 views

[SECURITY] Fedora 24 Update: nodejs-fs-ext-0.5.0-9.fc24

Extensions to core 'fs' module for Node.js...

1.8 AI score
Exploits: 0

Fedora
added 2013/07/23 1:4 a.m., 15 views

[SECURITY] Fedora 19 Update: nodejs-graceful-fs-2.0.0-2.fc19

Just like node.js' fs module, but it does an incremental back-off when EMFILE is encountered. Useful in asynchronous situations where one needs to try to open lots and lots of files...

3.3 CVSS, 1.6 AI score, 0.00104 EPSS
Exploits: 0