Lucene search
+L

29 matches found

redhatcve
redhatcve
added 2026/07/08 2:52 p.m.5 views

CVE-2026-53422

A flaw was found in Erlang OTP's Secure Shell SSH component, specifically within the SSH File Transfer Protocol SFTP daemon's sshsftpd module. An authenticated SFTP user can exploit an observable response discrepancy in the REALPATH handler to enumerate the existence of files and directories...

4.3CVSS5.9AI score0.00262EPSS
Exploits0References10
euvd
euvd
added 2026/07/02 4:6 p.m.7 views

EUVD-2026-41410

Observable Response Discrepancy vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSHFXPREALPATH handler in sshsftpd calls relatefilename/3 with Canonicalize=false, unlik...

2.3CVSS5.8AI score0.00262EPSS
Exploits0References7
suse
suse
added 2026/04/20 10:9 a.m.5 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References28
snyk
snyk
added 2026/04/18 1:9 a.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through improper validation of user-supplied paths in the prefixed function. An attacker can read or write arbitrary files, create directories, and enumerate files outside the intended root directory by sending...

9.6CVSS6.3AI score0.00393EPSS
Exploits1References2
euvd
euvd
added 2026/03/30 9:31 p.m.3 views

EUVD-2026-17178

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS6.3AI score0.00158EPSS
Exploits0References2
cve
cve
added 2026/03/30 7:7 p.m.23 views

CVE-2026-21715

The CVE-2026-21715 issue affects Node.js in the 20.x, 22.x, 24.x and 25.x streams with the Permission Model. The root cause is that fs.realpathSync.native() bypasses required read-permission checks, allowing code running with --permission and restricted --allow-fs-read to reveal file existence, r...

3.3CVSS6.5AI score0.00158EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/03/30 7:7 p.m.4 views

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS5.9AI score0.00158EPSS
Exploits0References2Affected Software1
alpinelinux
alpinelinux
added 2026/03/30 7:7 p.m.3 views

CVE-2026-21715

A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under --permission with restricted --allow-fs-read can still use...

3.3CVSS6.5AI score0.00158EPSS
Exploits0
snyk
snyk
added 2026/03/26 8:11 a.m.6 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the fs.realpathSync.native function. An attacker running malicious code within a restricted Node.js environment where --allow-fs-read is intentionally limited can exploit this missing check to verify file...

4.8CVSS6.3AI score0.00158EPSS
Exploits0References2
nessus
nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-21715

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js Permission Model filesystem enforcement leaves fs.realpathSync.native without the required read permission checks, while all comparable...

3.3CVSS6.5AI score0.00158EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/19 6:0 p.m.3 views

CVE-2026-23620 GFI MailEssentials AI < 22.4 ListServer.IsDBExist() Absolute Directory Traversal to File Enumeration

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary file existence enumeration vulnerability in the ListServer.IsDBExist web method exposed at /MailEssentials/pages/MailSecurity/ListServer.aspx/IsDBExist. An authenticated user can supply an unrestricted filesystem path via the JSON...

5.3CVSS6AI score0.00183EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/03 9:18 p.m.3 views

CVE-2025-34171 CasaOS <= 0.4.15 Unauthenticated File and Debug Data Exposure

CasaOS versions up to and including 0.4.15 expose multiple unauthenticated endpoints that allow remote attackers to retrieve sensitive configuration files and system debug information. The /v1/users/image endpoint can be abused with a user-controlled path parameter to access files under...

6.9CVSS6.2AI score0.00548EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-6333

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00581EPSS
Exploits0References4
euvd
euvd
added 2025/10/03 8:7 p.m.11 views

EUVD-2023-0347

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.01201EPSS
Exploits0References2
osv
osv
added 2024/11/27 5:15 p.m.6 views

CVE-2024-54004

Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system...

4.3CVSS5.8AI score0.00812EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/07/15 11:57 a.m.31 views

CVE-2024-5402 Mint Workbench I Unquoted Service Path Enumeration

Unquoted Search Path or Element vulnerability in ABB Mint Workbench. A local attacker who successfully exploited this vulnerability could gain elevated privileges by inserting an executable file in the path of the affected service. This issue affects Mint Workbench I versions: from 5866 before 58...

7.8CVSS7.1AI score0.0018EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/06/27 12:0 a.m.4 views

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs version 9.6 that stems from vulnerability to a path traversal attack, which allows an attacker to write an audio file to an arbitrary location on the...

7.3CVSS6.9AI score0.0052EPSS
Exploits0References2
nvd
nvd
added 2023/11/01 3:15 a.m.20 views

CVE-2023-5514

The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure...

5.3CVSS5.3AI score0.00377EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/06/19 8:10 p.m.9 views

CVE-2023-3315

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system...

4.4AI score0.00497EPSS
Exploits0References1
githubexploit
githubexploit
added 2023/03/21 5:5 p.m.488 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ibexa Ezplatform-Graphql

CVE-2022-41876 - eZ Platform user information disclosure A vu...

7.5CVSS5.3AI score0.01295EPSS
Exploits1
Rows per page
Query Builder