Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Systeminformation Security Vulnerabilities

cve
cve

CVE-2023-42810

systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to wifiConnections(),...

9.8CVSS

9.6AI Score

0.001EPSS

2023-09-21 06:15 PM
106
cve
cve

CVE-2020-26300

systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation...

9.8CVSS

9.7AI Score

0.005EPSS

2021-09-09 01:15 AM
35
cve
cve

CVE-2021-21388

systeminformation is an open source system and OS information library for node.js. A command injection vulnerability has been discovered in versions of systeminformation prior to 5.6.4. The issue has been fixed with a parameter check on user input. Please upgrade to version >= 5.6.4. If you cann...

9.8CVSS

9.6AI Score

0.008EPSS

2021-04-29 06:15 PM
30
5
cve
cve

CVE-2021-21315

The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1.....

7.8CVSS

7.8AI Score

0.972EPSS

2021-02-16 05:15 PM
942
In Wild
25
cve
cve

CVE-2020-26274

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability. The problem was fixed in version 4.31.1 with a shell string sanitation...

8.8CVSS

9AI Score

0.002EPSS

2020-12-16 08:15 PM
26
2
cve
cve

CVE-2020-26245

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or...

9.8CVSS

9.2AI Score

0.002EPSS

2020-11-27 08:15 PM
62
cve
cve

CVE-2020-7778

This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS...

7.3CVSS

7.3AI Score

0.008EPSS

2020-11-26 11:15 AM
36
3
cve
cve

CVE-2020-7752

This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS...

8.8CVSS

8.9AI Score

0.024EPSS

2020-10-26 05:15 PM
25