Lucene search
K

13 matches found

OSV
OSV
added 2026/01/26 2:47 p.m.7 views

BIT-NODE-2025-55130

A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...

9.1CVSS6AI score0.01633EPSS
Exploits2References21
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: nodejs (CVE-2025-23165)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23165 advisory. - In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uvfss.file: a UTF-1...

3.7CVSS5.8AI score0.0048EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-57520

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the actioncreateconfig function. NOTE: this is dispute...

9.8CVSS6.2AI score0.01026EPSS
Exploits0References3
CVE
CVE
added 2025/05/19 1:25 a.m.38 views

CVE-2025-23122

CVE-2025-23122 is a duplicate entry of CVE-2025-23165 and is not an active vulnerability on its own. Connected sources provide concrete details for CVE-2025-23165: in Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file when a UTF-16 path buffer is ov...

7.2AI score
Exploits0
CVE
CVE
added 2025/02/05 12:0 a.m.76 views

CVE-2024-57520

CVE-2024-57520 affects Asterisk v22 with an Insecure Permissions vulnerability in the action_createconfig function that could allow a remote attacker to execute arbitrary code. The supplier disputes the impact, noting the effect may be limited to creating empty files outside the Asterisk product ...

9.8CVSS7.2AI score0.01026EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/22 2:15 a.m.12 views

CVE-2025-23083

With the aid of the diagnosticschannel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage...

7.7CVSS6.7AI score0.00413EPSS
Exploits0References4
NVD
NVD
added 2024/12/02 6:15 p.m.14 views

CVE-2024-53566

An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...

5.5CVSS0.00292EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/02 12:0 a.m.25 views

CVE-2024-53566

An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...

0.00292EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/02 12:0 a.m.10 views

CVE-2024-53566

An issue in the actionlistcategories function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal...

7.1AI score0.00292EPSS
Exploits0References2
OSV
OSV
added 2023/12/30 5:55 p.m.10 views

MAL-2023-8776 Malicious code in discord.js-self-v22 (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 672d9ccd18153a9163f1f9a63ec5d765f412cf86a198d526fb04ecc5aa6eab3f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
CVE
CVE
added 2023/07/06 12:0 a.m.74 views

CVE-2023-37192

Bitcoin Core (v22) is affected by a memory management/protection issue that allows an attacker to modify the stored sending address in the application’s memory, potentially redirecting transactions to wallets of the attacker’s choosing. The vulnerability concerns the core wallet handling path and...

7.5CVSS7.4AI score0.0057EPSS
Exploits1References3Affected Software1
Cloud Foundry
Cloud Foundry
added 2017/04/04 12:0 a.m.43 views

CVE-2017-4964: BOSH Azure CPI code injection vulnerability | Cloud Foundry

Severity Medium Vendor Cloud Foundry Foundation Versions Affected BOSH Azure CPI Release v22 Description The BOSH Azure CPI could potentially allow a maliciously crafted stemcell to execute arbitrary code on VMs created by the director. Mitigation OSS users are strongly encouraged to follow the...

8.8CVSS9AI score0.00462EPSS
Exploits0
hackapp
hackapp
added 2016/04/01 10:6 a.m.11 views

V22 Osprey Flight Simulator - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application V22 Osprey Flight Simulator published at the 'play' market has multiple vulnerabilities...

0.5AI score
Exploits0References1Affected Software1
Rows per page
Query Builder