CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 5 days ago•6 views

EUVD-2026-34303

Vulnrichment•added 5 days ago•8 views

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

Cvelist•added 5 days ago•23 views

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

7.5CVSS0.00051EPSS

ATTACKERKB•added 5 days ago•5 views

CVE-2026-10796

CVE•added 5 days ago•9 views

Exploits1References5

CVE-2026-10796

Vulnerability summary (CVE-2026-10796) : nvm (Node Version Manager)

Exploits1References4Affected Software1

Positive Technologies•added 5 days ago•11 views

PT-2026-46295

Name of the Vulnerable Software and Affected Versions nvm versions prior to 0.40.5 Description Command injection occurs when the software executes arbitrary commands from version strings provided by a configured Node.js/io.js mirror. When commands like nvm install read available versions from the...

7.5CVSS5.7AI score0.00051EPSS

Exploits1References7

RedhatCVE•added 2026/01/31 3:19 a.m.•3 views

CVE-2026-1665

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

NVD•added 2026/01/29 11:16 p.m.•3 views

Exploits0References1

CVE-2026-1665

5.4CVSS0.0003EPSS

OSV•added 2026/01/29 11:16 p.m.•3 views

CVE-2026-1665

5.4CVSS6.2AI score

CVE•added 2026/01/29 11:4 p.m.•15 views

CVE-2026-1665

CVE-2026-1665 affects nvm (Node Version Manager) versions 0.40.3 and earlier. The vulnerability arises because the wget path in the nvm_download() function uses eval to execute commands and the NVM_AUTH_HEADER environment variable is not sanitized in that path (unlike the curl path). An attacker ...

Vulnrichment•added 2026/01/29 11:4 p.m.•2 views

CVE-2026-1665 Command Injection in nvm via NVM_AUTH_HEADER in wget code path

Cvelist•added 2026/01/29 11:4 p.m.•18 views

CVE-2026-1665 Command Injection in nvm via NVM_AUTH_HEADER in wget code path

5.4CVSS0.0003EPSS

EUVD•added 2026/01/29 11:4 p.m.•3 views

EUVD-2026-5014

CNNVD•added 2026/01/29 12:0 a.m.•2 views

Node Version Manager security vulnerability

Node Version Manager is an open-source node version manager developed by nvm.sh. Versions of Node Version Manager prior to 0.40.3 contain security vulnerabilities. These vulnerabilities stem from the nvmdownload function using eval to execute the wget command, and the NVMAUTHHEADER environment...

5.4CVSS5.9AI score0.0003EPSS

Exploits0References5

Positive Technologies•added 2026/01/29 12:0 a.m.•4 views

PT-2026-5371

Name of the Vulnerable Software and Affected Versions nvm versions 0.40.3 and below Description A command injection issue exists in nvm Node Version Manager. The nvm download function utilizes eval to execute wget commands. The NVM AUTH HEADER environment variable was not properly sanitized when...