Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

RedhatCVE
RedhatCVEadded 2026/01/31 3:19 a.m.3 views

CVE-2026-1665

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

5.4CVSS6.2AI score0.0003EPSS
Exploits0References1
NVD
NVDadded 2026/01/29 11:16 p.m.2 views

CVE-2026-1665

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

5.4CVSS0.0003EPSS
Exploits0References4
CVE
CVEadded 2026/01/29 11:4 p.m.10 views

CVE-2026-1665

CVE-2026-1665 affects nvm (Node Version Manager) versions 0.40.3 and earlier. The vulnerability arises because the wget path in the nvm_download() function uses eval to execute commands and the NVM_AUTH_HEADER environment variable is not sanitized in that path (unlike the curl path). An attacker ...

5.4CVSS6.2AI score0.0003EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/01/29 11:4 p.m.2 views

CVE-2026-1665 Command Injection in nvm via NVM_AUTH_HEADER in wget code path

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

5.4CVSS6.2AI score0.0003EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/29 11:4 p.m.18 views

CVE-2026-1665 Command Injection in nvm via NVM_AUTH_HEADER in wget code path

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

5.4CVSS0.0003EPSS
Exploits0References4
EUVD
EUVDadded 2026/01/29 11:4 p.m.1 views

EUVD-2026-5014

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

5.4CVSS6.2AI score0.0003EPSS
Exploits0References4
ATTACKERKB
ATTACKERKBadded 2026/01/29 11:4 p.m.3 views

CVE-2026-1665

A command injection vulnerability exists in nvm Node Version Manager versions 0.40.3 and below. The nvmdownload function uses eval to execute wget commands, and the NVMAUTHHEADER environment variable was not sanitized in the wget code path though it was sanitized in the curl code path. An attacke...

5.4CVSS6.2AI score0.0003EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/01/29 12:0 a.m.2 views

PT-2026-5371

Name of the Vulnerable Software and Affected Versions nvm versions 0.40.3 and below Description A command injection issue exists in nvm Node Version Manager. The nvm download function utilizes eval to execute wget commands. The NVM AUTH HEADER environment variable was not properly sanitized when...

5.4CVSS6.2AI score0.0003EPSS
Exploits0References7
Rows per page
Query Builder