25 matches found
CVE-2026-5014
A vulnerability was found in elecV2 elecV2P up to 3.8.3. The affected element is the function path.join of the file /log/ of the component Wildcard Handler. The manipulation results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The...
CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
EUVD-2025-21939
Malicious code in bioql PyPI...
BIT-NODE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
CVE-2025-27210
Node.js on Windows is affected by a path.join handling vulnerability affecting drive names (CON, PRN, AUX). CVE-2025-27210 notes an incomplete fix for CVE-2025-23084, indicating Windows device-name handling was not treated as special, causing a path that should be relative to be interpreted with ...
CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
CVE-2025-27210
An incomplete fix has been identified for CVE-2025-23084 in Node.js, specifically affecting Windows device names like CON, PRN, and AUX. This vulnerability affects Windows users of path.join API...
BIT-NODE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
BIT-NODE-MIN-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
CVE-2025-23084
A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory...
PT-2025-4814 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special ...
Node.js: Path traversal by drive name in Windows environment
A vulnerability has been identified in the handling of drive names in the Windows environment of Node.js. Certain Node.js functions do not treat drive names as special on Windows, resulting in a path that refers to the root directory instead of a relative path as assumed. This vulnerability affec...
Directory Traversal
serve-lite is vulnerable to Directory Traversal. The vulnerability is due to a a lack of input sanitization in the req.url parameter which is passed as-is to the path.join function, allowing a remote attacker to access system files and retrieve confidential information via malicious input...
GHSA-5QQ4-M6C3-XXMF Directory Traversal vulnerability in serve-lite
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
CVE-2022-21192
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...
CVE-2022-21192
All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join...