
8 matches found

Microsoft CVE
added 2026/04/17 8:1 a.m. · 1 view

jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted()

...

CVSS 6.2 · AI score 5.7 · EPSS 0.00005
Exploits: 1
Vulnrichment
added 2025/09/04 11:56 p.m. · 1 view

CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs, e.g. Nginx location blocks. The original implementation relie...

CVSS 7.5 · AI score 6 · EPSS 0.00087
Exploits: 0 · References: 3
Snyk
added 2025/09/03 9:30 p.m. · 1 view

Use of Incorrectly-Resolved Name or Reference

Overview: hono is an Ultrafast web framework for the Edges. Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the getPath function in the utils/url.ts file. An attacker can gain unauthorized access to protected endpoints by sending specially craft...

CVSS 8.7 · AI score 6.9 · EPSS 0.00087
Exploits: 0 · References: 2
NVD
added 2023/01/13 5:15 a.m. · 11 views

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVSS 9.8 · AI score 8.3 · EPSS 0.0065
Exploits: 0 · References: 4
CVE
added 2023/01/13 5:0 a.m. · 70 views

CVE-2022-21191

CVE-2022-21191 concerns the npm package global-modules-path. Versions prior to 3.0.0 are vulnerable to Command Injection via the internal getPath function, caused by missing input sanitization and sandboxing. The result is a high-risk condition, with confirmed references across multiple sources...

CVSS 9.8 · AI score 9.6 · EPSS 0.0065
Exploits: 0 · References: 4 · Affected Software: 1
Positive Technologies
added 2023/01/13 12:0 a.m. · 2 views

PT-2023-12664 · Unknown · Global-Modules-Path

Name of the Vulnerable Software and Affected Versions: global-modules-path versions prior to 3.0.0. Description: The issue is related to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. This allows for potential exploitation...

CVSS 9.8 · AI score 7.5 · EPSS 0.0065
Exploits: 0 · References: 10
Snyk
added 2022/12/13 3:6 p.m. · 2 views

Command Injection

Overview: Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. PoC (js): var root = require("global-modules-path"); root.getPath("& touch JHU","& touch exploit") Remediation: Upgrade...

CVSS 9.8 · AI score 7.3 · EPSS 0.0065
Exploits: 0 · References: 2
OwnCloud
added 2015/08/03 6:51 p.m. · 35 views

Disclosure of users files when deleting parent folders of shared files - ownCloud

Due to a common incorrect usage of the getPath function of the ownCloud virtual filesystem, multiple security issues occurred. In particular, the function may return null if the specified file no longer exists. When passing the result of getPath in combination with null to functions that...

CVSS 4 · AI score 6.5 · EPSS 0.00105
Exploits: 0 · Affected Software: 1