Lucene search
+L

7 matches found

SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.16 views

SUSE CVE-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

2.9CVSS5.9AI score0.00208EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/18 5:18 p.m.5 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass via the process.report.writeReport function. An attacker can bypass intended security restrictions by exploiting path misvalidation. Note: This is only exploitable if the Node.js Permission Model is enabled and...

3.1CVSS5.4AI score0.00208EPSS
Exploits0References2
OSV
OSV
added 2026/04/06 7:58 a.m.6 views

BIT-NODE-MIN-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS6.3AI score0.00158EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/30 9:31 p.m.7 views

EUVD-2026-17172

A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket UDS server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under --permission without --allow-net can create and expose local IP...

5.3CVSS6AI score0.00146EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 8:16 p.m.5 views

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS0.00158EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.6 views

PT-2026-29099

Name of the Vulnerable Software and Affected Versions Node.js versions 25.x Description A flaw in the Node.js Permission Model’s network enforcement allows Unix Domain Socket UDS server operations to proceed without the necessary permission checks. All other network paths correctly enforce these...

5.3CVSS6.5AI score0.00146EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-21715

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable...

3.3CVSS6.5AI score0.00158EPSS
Exploits0References3
Rows per page
Query Builder