9 matches found

GitHub Security Blog
added 2021/04/13 3:32 p.m. | 49 views

OS Command Injection in curling

npm package curling before version 1.1.0 is vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization...

10 CVSS | 4.9 AI score | 0.08278 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
OSV
added 2021/04/13 3:32 p.m. | 10 views

GHSA-XMXH-G7WJ-8M4M OS Command Injection in curling

npm package curling before version 1.1.0 is vulnerable to Command Injection via the run function. The command argument can be controlled by users without any sanitization...

9.8 CVSS | 9.8 AI score | 0.08278 EPSS
Exploits: 1 | References: 3
HackerOne
added 2020/09/02 6:5 p.m. | 16 views

Node.js third-party modules: [curling] Remote Code Execution

I would like to report RCE in curling I can bypass the security check for special characters, read / overwrite file Module module name: curling version: 1.1.0 npm page: https://www.npmjs.com/package/curling Module Description A node wrapper for curl with a very simple api. Module Stats 156 weekly...

0.2 AI score
Exploits: 0
Snyk
added 2020/02/05 1:15 p.m. | 1 views

Command Injection

Overview: curling is a node wrapper for curl with a very simple api. Affected versions of this package are vulnerable to Command Injection via the run(command,cb) function. The command argument can be controlled by users without any sanitization. PoC by JHU System Security Lab js var root =...

10 CVSS | 7.2 AI score | 0.08278 EPSS
Exploits: 1 | References: 2
Openbugbounty
added 2018/12/26 2:24 p.m. | 8 views

curling-basel.ch XSS vulnerability

Open Bug Bounty ID: OBB-714655. Affected Website: curling-basel.ch. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: hidden...

0.1 AI score
Exploits: 0
Openbugbounty
added 2018/03/21 5:3 a.m. | 12 views

ontariocurlingtour.com XSS vulnerability

Open Bug Bounty ID: OBB-583804. Affected Website: ontariocurlingtour.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...

6.3 AI score
Exploits: 0
Veracode
added 2017/07/04 7:50 a.m. | 24 views

Man-in-the-Middle (MitM)

Moodle is vulnerable to man-in-the-middle (MitM) attacks. The repository/s3/S3.php does not verify that the host is secure before curling to it. This can allow a malicious user to conduct a MitM attack...

5.8 CVSS | 5.8 AI score | 0.00155 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
hackapp
added 2016/04/01 10:7 a.m. | 8 views

Curling 3D - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities

HackApp vulnerability scanner discovered that application Curling 3D published at the 'play' market has multiple vulnerabilities...

Exploits: 0 | References: 1 | Affected Software: 1
ThreatPost
added 2012/09/25 6:8 p.m. | 40 views

Large-Scale Water Holing Attack Campaigns Hitting Key Targets

A new APT-style espionage campaign launched this summer targeting organizations tied to financial services, government agencies and the defense industry used a technique dubbed water holing to entice victims and silently redirect them to sites hosting zero-day exploits. Researchers at RSA Securit...

9.3 CVSS | 8.5 AI score | 0.93117 EPSS
Exploits: 12 | References: 6