13 matches found

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-6542

Malicious code in bioql PyPI...

9.8 CVSS | 9.4 AI score | 0.0077 EPSS
Exploits: 1 | References: 2

Veracode
added 2022/08/03 5:59 a.m. | 14 views

Command Injection

curljs is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the input argument, allowing an attacker to inject maliciously crafted OS commands into the system...

9.8 CVSS | 9.2 AI score | 0.0077 EPSS
Exploits: 1 | Affected Software: 1

vulnersOsv
added 2022/08/03 12:0 a.m. | 1 view

ca-reservoir-status (=1.0.0) potentially affected by CVE-2020-28425 via curljs (=0.1.2)

curljs NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on curljs and may be impacted:
- ca-reservoir-status =1.0.0
Source cves: CVE-2020-28425
Source advisory: OSV:GHSA-CQFC-9452-R36J...

9.8 CVSS | 7.2 AI score | 0.0077 EPSS
Exploits: 1

Github Security Blog
added 2022/08/03 12:0 a.m. | 16 views

curljs Command Injection vulnerability

A command injection vulnerability affects all versions of the package curljs...

9.8 CVSS | 9.5 AI score | 0.0077 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2022/08/03 12:0 a.m. | 3 views

GHSA-CQFC-9452-R36J curljs Command Injection vulnerability

A command injection vulnerability affects all versions of the package curljs...

9.8 CVSS | 5.8 AI score | 0.0077 EPSS
Exploits: 1 | References: 2

NVD
added 2022/08/02 2:15 p.m. | 9 views

CVE-2020-28425

This affects all versions of package curljs...

9.8 CVSS | 0.0077 EPSS
Exploits: 1 | References: 1

Prion
added 2022/08/02 2:15 p.m. | 14 views

Command injection

This affects all versions of package curljs...

7.5 CVSS | 9.5 AI score | 0.0077 EPSS
Exploits: 1 | References: 1

CVE
added 2022/08/02 1:27 p.m. | 53 views

CVE-2020-28425

Curljs is affected by a Command Injection vulnerability that affects all versions. The root cause is lack of input sanitization, allowing an attacker-supplied argument to inject OS commands. Reported exploit evidence includes a PoC showing arbitrary command execution, and multiple sources confirm...

9.8 CVSS | 8.5 AI score | 0.0077 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2022/08/02 1:27 p.m. | 16 views

CVE-2020-28425 Command Injection

This affects all versions of package curljs...

7.3 CVSS | 9.6 AI score | 0.0077 EPSS
Exploits: 1 | References: 1

CNNVD
added 2022/08/02 12:0 a.m. | 3 views

curljs command injection vulnerability

curljs is a Node.js library that wraps curl functionality. A command injection vulnerability exists in all versions of curljs, which stems from the presence of command injection...

9.8 CVSS | 8.3 AI score | 0.0077 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2022/08/02 12:0 a.m. | 2 views

PT-2022-8888 · Curljs · Curljs

Name of the Vulnerable Software and Affected Versions: curljs, affected versions not specified.
Description: A command injection issue affects the package. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this...

9.8 CVSS | 9.7 AI score | 0.0077 EPSS
Exploits: 1 | References: 5

vulnersOsv
added 2020/12/11 2:45 p.m. | 1 view

ca-reservoir-status (=1.0.0) potentially affected by CVE-2020-28425 via curljs (=0.1.2)

curljs NPM version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on curljs and may be impacted:
- ca-reservoir-status =1.0.0
Source cves: CVE-2020-28425
Source advisory: SNYK:JS-CURLJS-1050404...

9.8 CVSS | 7.2 AI score | 0.0077 EPSS
Exploits: 1

Snyk
added 2020/12/11 2:45 p.m. | 3 views

Command Injection

Overview: curljs is a package that wraps the functionality of curl into an easy to use node module. Affected versions of this package are vulnerable to Command Injection.
PoC: var a = require("curljs"); a("' & touch JHU '")
Remediation: There is no fixed version for curljs.
Credit: JHU System Security Lab...

9.8 CVSS | 6.9 AI score | 0.0077 EPSS
Exploits: 1 | References: 2