34 matches found
UBUNTU-CVE-2026-26318
systeminformation is a System and OS information library for node.js...
ROOT-APP-NPM-CVE-2026-26318 CVE-2026-26318 in @rootio/systeminformation - Patched by Root
Root has patched CVE-2026-26318 in the @rootio/systeminformation package for Root:npm. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2026-26318
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318.
Summary IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318. This bulletin contains information addressing the vulnerability. Vulnerability Details...
CVE-2026-26318
| creationtimestamp | type | source |
|---|---|---|
| 2026-02-19 21:00:38+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mfaigeltvv2k |
| 2026-02-20 21:00:15+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3mfcyumxp7v2l... |
CVE-2026-26318
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
@agentuity/evals (>=0.0.104 <=2.0.17), @agentuity/hono (>=3.0.0-alpha.0 <=3.0.0-beta.3) +345 more potentially affected by CVE-2026-26318 via systeminformation (>=5.0.6 <=5.30.8)
systeminformation NPM version =5.0.6, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =0.0.0-test.0, =0.0.0-test.0, =0.0.0-test.0, =5.0.0-private.20260319 and more Source cves: CVE-2026-26318 Source...
CVE-2022-26318
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...
CVE-2025-8474
Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw...
CVE-2025-8474
The CVE-2025-8474 entry describes a stack-based buffer overflow in Alpine iLX-507 CarPlay protocol implementation. Affected: Alpine iLX-507 devices. Root-context code execution is possible due to improper validation of the length of user-supplied data before copying into a fixed-length stack buff...
CVE-2024-26318
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character...
CVE-2025-26318
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-28 09:03:40+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/16006 |
| 2025-03-04 21:35:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6446 |
| 2025-03-05 00:12:48+00:00 | seen | https://t.me/cvedetector/19554... |
Exploit for CVE-2022-26318
Watchguard-RCE-POC-CVE-2022-26318 PoC for Watc...
Exploit for CVE-2025-26318
TSplus Remote Access - CVE-2025-26318 Insecure Permissions In...
Metasploit Weekly Wrap-Up 04/05/2024
New ESC4 Templates for AD CS Metasploit added capabilities for exploiting the ESC family of flaws in AD CS in Metasploit 6.3. The ESC4 technique in particular has been supported for some time now thanks to the adcscerttemplates module which enables users to read and write certificate template...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution Exploit
This Metasploit module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule 'WatchGuard XTM Firebox Unauthenticated Remote Command Execution', 'Description' = %q This module exploits a buffer overflow at the...
WatchGuard XTM Firebox Unauthenticated Remote Command Execution
This module exploits a buffer overflow at the administration interface 8080 or 4117 of WatchGuard Firebox and XTM appliances which is built from a cherrypy python backend sending XML-RPC requests to a C binary called wgagent using pre-authentication endpoint /agent/login. This vulnerability impac...
CVE-2024-26318
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-19 05:21:16+00:00 | seen | https://t.me/ctinow/187449 |
| 2024-02-19 05:26:07+00:00 | seen | https://t.me/ctinow/187450 |
| 2024-02-20 05:22:20+00:00 | seen | https://t.me/arpsyndicate/3550 |
| 2025-03-25 19:24:56+00:00 | seen | ... |
CVE-2024-26318
Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character...