Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (8 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0691 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 9.8 Critical
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.
CVE-2022-0686 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 9.1 Critical
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.
CVE-2022-0639 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 5.3 Medium
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.
CVE-2022-0512 2 Redhat, Url-parse Project 2 Rhmt, Url-parse 2024-11-21 5.3 Medium
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.
CVE-2021-3664 1 Url-parse Project 1 Url-parse 2024-11-21 5.3 Medium
url-parse is vulnerable to URL Redirection to Untrusted Site
CVE-2021-27515 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 5.3 Medium
url-parse before 1.5.0 mishandles certain uses of backslash such as http:\/ and interprets the URI as a relative path.
CVE-2020-8124 2 Redhat, Url-parse Project 2 Service Mesh, Url-parse 2024-11-21 5.3 Medium
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVE-2018-3774 2 Redhat, Url-parse Project 2 Quay, Url-parse 2024-11-21 9.8 Critical
Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol.