CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

Cvelist•added 2026/06/04 5:2 p.m.•27 views

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

nvm Node Version Manager through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as nvm install read the available versions from the mirror's index.tab and use the selected version, without sanitization, to build download URLs...

7.5CVSS0.00464EPSS

Exploits1References4

Vulnrichment•added 2026/06/04 5:2 p.m.•10 views

CVE-2026-10796 nvm executes commands from a malicious Node.js mirror's version strings

7.5CVSS6.1AI score0.00464EPSS

Exploits1References4

RedhatCVE•added 2025/05/23 6:54 a.m.•8 views

CVE-2024-11681

A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror...

6.9CVSS7.8AI score0.00451EPSS

Exploits1References1

NVD•added 2019/02/04 9:29 p.m.•10 views

CVE-2019-1000014

Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from malicious/compromised mirro...

8.8CVSS8.9AI score0.0179EPSS

Exploits0References1

NVD•added 2019/02/04 9:29 p.m.•18 views

CVE-2019-1000013

Hex package manager hexcore version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromis...

8.8CVSS8.9AI score0.00877EPSS

Exploits0References2

NVD•added 2019/02/04 9:29 p.m.•9 views

CVE-2019-1000012

Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from malicious/compromised...

8.8CVSS8.9AI score0.00877EPSS

Exploits0References2

OSV•added 2019/02/04 9:29 p.m.•12 views

CVE-2019-1000014

8.8CVSS7.3AI score

Exploits0References1

Prion•added 2019/02/04 9:29 p.m.•28 views

Design/Logic Flaw

6.8CVSS8.8AI score0.00877EPSS

Exploits0References2Affected Software1

Prion•added 2019/02/04 9:29 p.m.•10 views

Design/Logic Flaw

6.8CVSS8.8AI score0.00877EPSS

Exploits0References2Affected Software1

CVE•added 2019/02/04 9:0 p.m.•53 views

CVE-2019-1000013

Hex Core (Hex package manager) versions 0.3.0 and earlier contain a Signing oracle vulnerability in the Package registry verification that can allow code execution. The issue arises when a victim fetches packages from a malicious or compromised mirror, potentially modifying packages without detec...

8.8CVSS8.9AI score0.00877EPSS

Exploits0References2Affected Software1

Cvelist•added 2019/02/04 9:0 p.m.•19 views

CVE-2019-1000012

8.9AI score0.00877EPSS

Exploits0References2

Debian CVE•added 2019/02/04 9:0 p.m.•17 views

CVE-2019-1000014

8.8CVSS9AI score0.0179EPSS

Exploits0

FreeBSD•added 2006/05/01 12:0 a.m.•32 views

clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability

Secunia reports: A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS Denial of Service and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the HTTP client in the Freshclam command line...

5.1CVSS6.8AI score0.0581EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by