15 matches found
BIT-NODE-2025-55130
A flaw in Node.js’s Permissions model allows attackers to bypass --allow-fs-read and --allow-fs-write restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files...
CVE-2026-21636
A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets via net, tls, or undici/fetch...
EUVD-2025-12093
Malicious code in bioql PyPI...
CVE-2025-28022
TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...
CVE-2025-28022
TOTOLINK A810R V4.1.2cu.5182B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...
CVE-2025-28020
TOTOLINK A800R V4.1.2cu.5137B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...
CVE-2025-28020
TOTOLINK A800R V4.1.2cu.5137B20200730 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter...
PT-2025-17650 · Totolink · Totolink A810R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version 4.1.2cu.5182 B20201026 Description: A buffer overflow issue was discovered in the downloadFile.cgi endpoint through the v25 parameter. Recommendations: For TOTOLINK A810R version 4.1.2cu.5182 B20201026, avoid using the...
PT-2025-17649 · Totolink · Totolink A800R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A800R version 4.1.2cu.5137 B20200730 Description: A buffer overflow issue was discovered in the downloadFile.cgi endpoint through the v25 parameter. This allows for potential exploitation. Recommendations: For TOTOLINK A800R version...
TOTOLINK A810R security vulnerability
TOTOLINK A810R is a wireless dual-band router from China's Gion Electronics TOTOLINK. The TOTOLINK A810R suffers from a buffer overflow vulnerability, which stems from the v25 parameter in downloadFile.cgi failing to properly validate the length and size of the input data, which can be exploited ...
CVE-2023-37739
i-doit Pro v25 and below was discovered to be vulnerable to path traversal...
Path traversal
i-doit Pro v25 and below was discovered to be vulnerable to path traversal...
CVE-2023-37739
CVE-2023-37739 concerns i-doit Pro v25 and below that is vulnerable to a path traversal issue in the product. The connected sources consistently identify i-doit Pro versions prior to 26 as affected, with the root cause being a path traversal vulnerability. The practical impact noted is unauthoriz...
CVE-2023-37739
i-doit Pro v25 and below was discovered to be vulnerable to path traversal...
CVE-2023-37739
i-doit Pro v25 and below was discovered to be vulnerable to path traversal...