CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

4 matches found

Prion•added 2023/03/06 5:15 a.m.•10 views

Directory traversal

All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith method in the servePath function...

5CVSS7.5AI score0.0132EPSS

Exploits1References4

RedhatCVE•added 2022/05/16 4:26 a.m.•58 views

CVE-2022-21190

This affects the package convict before 6.2.3. This is a bypass of CVE-2022-22143. The fix introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with proto or this.constructor.prototype. To bypass this check it's...

9.8CVSS2.7AI score0.01732EPSS

Exploits2References3

Github Security Blog•added 2022/05/14 12:1 a.m.•42 views

Prototype Pollution in convict

This affects the package convict before 6.2.3. This is a bypass of CVE-2022-22143. The fix introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with proto or this.constructor.prototype. To bypass this check it's...

9.8CVSS2.9AI score0.00668EPSS

Exploits1References7Affected Software1

Prion•added 2022/05/13 8:15 p.m.•18 views

Design/Logic Flaw

This affects the package convict before 6.2.3. This is a bypass of CVE-2022-22143. The fix introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if it starts with proto or this.constructor.prototype. To bypass this check it's...

7.5CVSS9.4AI score0.01732EPSS

Exploits2References5Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by