CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

167 matches found

RedHat Linux•added 2026/04/09 8:27 p.m.•3 views

Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions

A flaw was found in Node.js. The Node.js Permission Model, intended to restrict filesystem access, does not properly enforce read permission checks for the fs.realpathSync.native function. This vulnerability allows code operating under --permission with restricted --allow-fs-read flags to bypass...

3.3CVSS6.3AI score0.00005EPSS

Exploits0References5

CNNVD•added 2026/03/30 12:0 a.m.•2 views

Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Security vulnerabilities exist in Node.js versions 20.x, 22.x, 24.x, and 25.x. These vulnerabilities stem from a lack of permission checks for the fs.realpathSync.native method during the...

3.3CVSS6.7AI score0.00005EPSS

Exploits0References1

Veracode•added 2026/03/11 7:32 a.m.•5 views

Path Traversal

Node.js is vulnerable to Path Traversal. The vulnerability is due to improper validation of relative symlink paths in the permissions model, allowing attackers to chain directories and symlinks to bypass --allow-fs-read and --allow-fs-write restrictions and access files outside the permitted...

9.1CVSS5.8AI score0.00016EPSS

Exploits2References2Affected Software1

OSV•added 2026/01/26 2:47 p.m.•4 views

BIT-NODE-MIN-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS6AI score0.00016EPSS

Exploits2References2

ATTACKERKB•added 2026/01/20 8:41 p.m.•5 views

CVE-2025-55130

9.1CVSS5.6AI score0.00016EPSS

Exploits2References2Affected Software1

CNNVD•added 2026/01/20 12:0 a.m.•0 views

Node.js security vulnerabilities

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20, 22, 24, and 25 of Node.js contain security vulnerabilities. These vulnerabilities stem from flaws in the permission model, which could allow attackers to bypass file system...

9.1CVSS7.1AI score0.00016EPSS

Exploits2References2

RedhatCVE•added 2026/01/09 8:37 a.m.•6 views

CVE-2019-11628

An issue was discovered in QlikView Server before 11.20 SR19, 12.00 and 12.10 before 12.10 SR11, 12.20 before SR9, and 12.30 before SR2; and Qlik Sense Enterprise and Qlik Analytics Platform installations that lack these patch levels: February 2018 Patch 4, April 2018 Patch 3, June 2018 Patch 3,...

8.2CVSS6.6AI score0.0034EPSS

Exploits0References1