7866 matches found

Debian CVE
added 2025/08/07 12:4 a.m. · 5 views

CVE-2025-54798

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

CVSS 5.3 · AI score 4.9 · EPSS 0.00469
Exploits: 1
OSV
added 2025/08/07 12:4 a.m. · 2 views

CVE-2025-54798 tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

CVSS 2.5 · AI score 6.7 · EPSS 0.00469
Exploits: 1 · References: 6
Vulnrichment
added 2025/08/07 12:4 a.m. · 2 views

CVE-2025-54798 tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

CVSS 2.5 · AI score 6.4 · EPSS 0.00469
Exploits: 1 · References: 3
Cvelist
added 2025/08/07 12:4 a.m. · 9 views

CVE-2025-54798 tmp does not restrict arbitrary temporary file / directory write via symbolic link `dir` parameter

tmp is a temporary file and directory creator for node.js. In versions 0.2.3 and below, tmp is vulnerable to an arbitrary temporary file / directory write via symbolic link dir parameter. This is fixed in version 0.2.4...

CVSS 2.5 · EPSS 0.00469
Exploits: 1 · References: 3
RedhatCVE
added 2025/08/06 7:30 p.m. · 3 views

CVE-2025-8522

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity o...

CVSS 5 · AI score 5.1 · EPSS 0.00361
Exploits: 1 · References: 1
IBM Security Bulletins
added 2025/08/06 11:19 a.m. · 7 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-23166]

Summary Node.js is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service. This bulletin provides patch information to address the reported vulnerability in Node.js. CVE-2025-23166 Vulnerability Details...

CVSS 7.5 · AI score 7.5 · EPSS 0.00304
Exploits: 0 · Affected Software: 1
RedhatCVE
added 2025/08/06 12:14 a.m. · 11 views

CVE-2025-51387

GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...

CVSS 9.8 · AI score 7.1 · EPSS 0.00628
Exploits: 0 · References: 1
OSV
added 2025/08/05 4:41 p.m. · 4 views

CLSA-2025-1754412086 nodejs: Fix of CVE-2024-22019

CVE-2024-22019: fix resource exhaustion and DoS vulnerability by limiting number of bytes read from a single connection when handling HTTP requests with chunked encoding...

CVSS 7.5 · AI score 7.1 · EPSS 0.0038
Exploits: 0 · References: 1
NVD
added 2025/08/05 1:15 a.m. · 2 views

CVE-2025-54871

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be...

CVSS 7.8 · EPSS 0.00061
Exploits: 1 · References: 3
OSV
added 2025/08/05 12:3 a.m. · 2 views

CVE-2025-54871 Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)

Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be...

CVSS 5.5 · AI score 6.8 · EPSS 0.00061
Exploits: 1 · References: 5
CVE
added 2025/08/05 12:3 a.m. · 14 views

CVE-2025-54871

CVE-2025-54871 affects Electron Capture (elecap) on macOS. Versions 2.19.1 and earlier expose a TCC bypass: enabling the ELECTRON_RUN_AS_NODE environment variable allows arbitrary Node.js code to run via the -e flag inside the main Electron context, inheriting existing TCC entitlements (e.g., acc...

CVSS 7.8 · AI score 6.4 · EPSS 0.00061
Exploits: 1 · References: 3 · Affected Software: 1
CNNVD
added 2025/08/05 12:0 a.m. · 1 views

Electron Capture security vulnerability

Electron Capture is a window capture software by Steve Seguin Personal Developer. A security vulnerability exists in Electron Capture 2.19.1 and earlier versions, which stems from a vulnerability that allows bypassing macOS TCC privacy protections and could lead to arbitrary Node.js code executio...

CVSS 7.8 · AI score 7.3 · EPSS 0.00061
Exploits: 1 · References: 4
Tenable Nessus
added 2025/08/05 12:0 a.m. · 10 views

Node.js 18.x < 18.20.6 / 20.x < 20.18.2 / 22.x < 22.13.1 / 23.x < 23.6.1 Multiple Vulnerabilities (Tuesday, January 21, 2025 Security Releases).

The version of Node.js installed on the remote host is prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1. It is, therefore, affected by multiple vulnerabilities as referenced in the Tuesday, January 21, 2025 Security Releases advisory. - A vulnerability has been identified in Node.js, specifically...

CVSS 5.6 · AI score 6.2 · EPSS 0.01289
Exploits: 1 · References: 2
Positive Technologies
added 2025/08/05 12:0 a.m. · 3 views

PT-2025-31890 · Unknown · Electroncapture

Name of the Vulnerable Software and Affected Versions: Electron Capture versions 2.19.1 and below Description: Electron Capture facilitates video playback for screen-sharing and capture. The elecap app on macOS allows local unprivileged users to bypass macOS TCC Transparency, Consent, and Control...

CVSS 5.5 · AI score 6.5 · EPSS 0.00061
Exploits: 1 · References: 8
NVD
added 2025/08/04 7:15 p.m. · 3 views

CVE-2025-8522

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity o...

CVSS 5 · EPSS 0.00361
Exploits: 1 · References: 5
Cvelist
added 2025/08/04 7:2 p.m. · 7 views

CVE-2025-8522 givanz Vvvebjs node.js save.php path traversal

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity o...

CVSS 5 · EPSS 0.00361
Exploits: 1 · References: 5
Vulnrichment
added 2025/08/04 7:2 p.m. · 5 views

CVE-2025-8522 givanz Vvvebjs node.js save.php path traversal

A vulnerability, which was classified as critical, was found in givanz Vvvebjs up to 2.0.4. Affected is an unknown function of the file /save.php of the component node.js. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The complexity o...

CVSS 5 · AI score 7.1 · EPSS 0.00361
Exploits: 1 · References: 5
CVE
added 2025/08/04 7:2 p.m. · 16 views

CVE-2025-8522

CVE-2025-8522 affects givanz Vvvebjs up to version 2.0.4, where a vulnerability in the node.js component allows path traversal via the File argument in the file /save.php. Remote exploitation is possible with high attack complexity; exploitability is reported as difficult, and a public exploit ex...

CVSS 5 · AI score 7.1 · EPSS 0.00361
Exploits: 1 · References: 5 · Affected Software: 1
Oracle Linux
added 2025/07/30 12:0 a.m. · 5 views

nodejs:22 security update

nodejs 1:22.16.0-2 - Patch fix for CVE-2025-6965 Resolves: RHEL-103851 nodejs-nodemon nodejs-packaging...

CVSS 9.8 · AI score 7.4 · EPSS 0.01689
Exploits: 3
OSV
added 2025/07/29 1:40 p.m. · 4 views

RLSA-2025:11802 Important: nodejs:22 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...

CVSS 7.7 · AI score 7.7 · EPSS 0.01689
Exploits: 3 · References: 2