Lucene search
K

8 matches found

Debian CVE
Debian CVE
added 2026/06/26 1:14 a.m.9 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6.4AI score0.00154EPSS
Exploits0
EUVD
EUVD
added 2026/06/18 4:21 p.m.11 views

EUVD-2026-37914

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

1.8CVSS4.7AI score0.00208EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/04/27 7:48 p.m.149 views

Exploit for Improper Access Control in Nodejs Node.Js

CVE-2026-21636 - Node.js Permission Model UDS/Network Bypass...

10CVSS6.6AI score0.00663EPSS
Exploits1
Debian CVE
Debian CVE
added 2026/03/30 7:7 p.m.4 views

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS6AI score0.00158EPSS
Exploits0
OSV
OSV
added 2026/02/25 6:49 p.m.6 views

DRUPAL-CONTRIB-2026-016

This module integrates with Islandora, an open-source digital asset management DAM framework. Islandora integrates with various open-source services, which can be run in a distributed environment. The module doesn't sufficiently sanitize URI paths for its custom route used for attaching media to...

5.4CVSS5.2AI score0.00176EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/05 5:35 p.m.3 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can access and include arbitrary files from the local file system into generated PDFs. Workaround This vulnerability can be...

9.2CVSS6.2AI score0.02058EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2024/02/17 3:21 a.m.4 views

SUSE CVE-2024-21890

The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: --allow-fs-read=/home/node/.ssh/.pub will ignore pub and give access to everything after .ssh/. This misleading documentation affects all users...

7.8CVSS8.2AI score0.00945EPSS
Exploits0References4
OSV
OSV
added 2020/12/22 1:16 p.m.7 views

SUSE-SU-2020:3916-1 Security update for xen

This update for xen fixes the following issues: - CVE-2020-29480: Fixed an issue which could have allowed leak of non-sensitive data to administrator guests bsc117949 XSA-115. - CVE-2020-29481: Fixed an issue which could have allowd to new domains to inherit existing node permissions bsc1179498...

8.8CVSS6.2AI score0.00438EPSS
Exploits0References17
Rows per page
Query Builder