8 matches found

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-0999

Malware in sbrugna...

CVSS 9.8 · AI score 9.2 · EPSS 0.00788
Exploits 0 · References 5
OSV
added 2020/09/01 4:39 p.m. · 1 view

GHSA-CWCP-6C48-FM7M Unsafe eval() in summit allows arbitrary code execution

Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation: No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package author has...

CVSS 9.8 · AI score 7.4 · EPSS 0.00788
Exploits 0 · References 3
Github Security Blog
added 2020/09/01 4:39 p.m. · 26 views

Unsafe eval() in summit allows arbitrary code execution

Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation: No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package author has...

CVSS 9.8 · AI score 9.8 · EPSS 0.00788
Exploits 0 · References 3 · Affected Software 1
CNVD
added 2018/06/15 12:0 a.m. · 1 view

Summit Remote Code Execution Vulnerability

Summit is a Node.js-based web framework. A security vulnerability exists in Summit 0.1.0 and later versions. The vulnerability can be exploited by an attacker to execute arbitrary code when the framework uses the PouchDB driver...

CVSS 9.8 · AI score 9.4 · EPSS 0.00788
Exploits 0 · References 1
Prion
added 2018/06/04 7:29 p.m. · 8 views

Design/Logic Flaw

Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name...

CVSS 7.5 · AI score 9.7 · EPSS 0.00788
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2018/06/04 12:0 a.m. · 2 views

PT-2018-6051 · Summit +1 · Summit +1

Name of the Vulnerable Software and Affected Versions: Summit versions 0.1.0 and later. Description: The issue allows an attacker to execute arbitrary commands via the collection name when using the PouchDB driver in the module. There is no information about the estimated number of potentially...

CVSS 9.8 · AI score 9.7 · EPSS 0.00788
Exploits 0 · References 6
Veracode
added 2017/04/17 1:58 a.m. · 12 views

Command Execution Through Collection Name

summit is vulnerable to command execution. There is an unsafe eval in summit which allows an attacker to execute arbitrary commands through a malicious collection name. This only happens when using the PouchDB driver...

CVSS 9.8 · AI score 9.6 · EPSS 0.00788
Exploits 0 · References 2 · Affected Software 1
Node.js
added 2017/03/06 9:27 p.m. · 45 views

Unsafe eval()

Overview: Affected versions of summit allow attackers to execute arbitrary commands via collection names when using the PouchDB driver. Recommendation: No direct patch is available at this time. Currently, the best option to mitigate the issue is to avoid using the PouchDB driver, as the package...

CVSS 7.5 · AI score 6.3 · EPSS 0.00788
Exploits 0 · Affected Software 1