11 matches found

OSV
added 5 days ago, 4 views

ALPINE-CVE-2026-48935

A flaw in the Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 3.3 | AI score 5.8 | EPSS 0.00149
Exploits: 0 | References: 1

Debian CVE
added 5 days ago, 8 views

CVE-2026-48935

A flaw in the Node.js Permission API can cause file metadata to be modified even on a path that was set as read-only with e.g. --allow-fs-read. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 3.3 | AI score 6.4 | EPSS 0.00149
Exploits: 0

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the conversion of struct aio_kiocb. The first argument of kiocb_set_cancel_fn may point to a struct kiocb that is not embedded within struct aio_kiocb. With the current code, depending on the compiler,...

CVSS 5.5 | AI score 5.8 | EPSS 0.00247
Exploits: 0 | References: 2

Cvelist
added 2026/01/14 1:13 a.m., 27 views

CVE-2025-12050 In H2OFFT32.sys is potentially vulnerable to a buffer overflow.

The drivers in the tool packages use the RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow...

CVSS 7.8 | EPSS 0.00157
Exploits: 0 | References: 1

Cvelist
added 2025/10/08 12:49 a.m., 8 views

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...

CVSS 3.3 | EPSS 0.00178
Exploits: 1 | References: 5

CVE
added 2025/10/08 12:49 a.m., 15 views

CVE-2025-61786

CVE-2025-61786 affects the Deno runtime: prior to versions 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync bypass the permission check when --deny-read=./ is used, allowing retrieval of file stats from files the user does not have explicit read access to. The vulne...

CVSS 3.3 | AI score 6.2 | EPSS 0.00178
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2025/10/08 12:49 a.m., 5 views

CVE-2025-61786 Deno's --deny-read check does not prevent permission bypass

Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, Deno.FsFile.prototype.stat and Deno.FsFile.prototype.statSync are not limited by the permission model check --deny-read=./. It's possible to retrieve stats from files that the user does not have explic...

CVSS 3.3 | AI score 6.3 | EPSS 0.00178
Exploits: 1 | References: 7

GithubExploit
added 2025/08/25 2:20 p.m., 183 views

Exploit for OS Command Injection in PHP

CVE-2024-4577 CTF Challenge Overview This CTF challenge de...

CVSS 9.8 | AI score 8.6 | EPSS 0.99987
Exploits: 64

OSV
added 2024/07/12 7:29 a.m., 24 views

BIT-NODE-2024-22018

A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve...

CVSS 2.9 | AI score 5 | EPSS 0.00458
Exploits: 0 | References: 7

CVE
added 2023/09/12 1:36 a.m., 100 views

CVE-2023-32005

CVE-2023-32005 affects Node.js 20 when using the experimental permission model. The issue stems from an inadequate permission model that fails to restrict file stats via fs.statfs, allowing a user with --allow-fs-read and a non-* path to retrieve stats on files they do not have read access to. Af...

CVSS 5.3 | AI score 6.6 | EPSS 0.01191
Exploits: 1 | References: 2 | Affected Software: 1

SUSE CVE
added 2023/06/22 2:38 a.m., 2 views

SUSE CVE-2023-30583

fs.openAsBlob can bypass the experimental permission model when using the file system read restriction with the --allow-fs-read flag in Node.js 20. This flaw arises from a missing check in the fs.openAsBlob API. Please note that at the time this CVE was issued, the permission model is an...

CVSS 7.5 | AI score 9 | EPSS 0.00722
Exploits: 0 | References: 3