2 matches found
CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name
systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...
@abtnode/core (>=1.0.15 <=1.1.9), @agentuity/evals (>=0.0.104 <=2.0.26) +718 more potentially affected by CVE-2026-44724 via systeminformation (>=4.1.5 <=5.31.5)
systeminformation NPM version =4.1.5, =1.0.15, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =3.0.0-next.12, =1.0.0, =2.0.0 and more Source cves: CVE-2026-44724 Source advisory: OSV:GHSA-HVX9-HWR7-WJJ...