EUVD-2026-31959

A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched remotely. The exploit...

EUVD-2025-202722

OS Command Injection vulnerability in Ruijie RG-YST EST, YSTAP3.01B11P280YST250F V1.xxV2.xx allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua...

EUVD-2023-0565

Malicious code in bioql PyPI...

CVE-2025-3203

A vulnerability classified as problematic was found in Tenda W18E 16.01.0.11. Affected by this vulnerability is the function formSetAccountList of the file /goform/setModules. The manipulation of the argument Password leads to stack-based buffer overflow. The attack can be launched remotely. The...

CVE-2025-1755

MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\nodemodules. This issue affects MongoDB Compass prior to 1.42.1...

CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...

CVE-2022-21191

A flaw was found in global-modules-path. This issue may allow command injection via getPath due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

Command Injection

global-modules-path is vulnerable to Command Injection. The vulnerability exists due to the insecure usage of execSync in index.js, allowing an attacker to inject and execute malicious commands such as getPath"something & touch abc", "somethingElse & touch def"...

GHSA-VVJ3-85VF-FGMW global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

global-modules-path Command Injection vulnerability

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

@airy/maleo (>=0.0.1-canary.49 <=0.3.1-canary.36), @audentio/kinetic (>=0.1.0 <=0.1.12) +206 more potentially affected by CVE-2022-21191 via global-modules-path (>=1.0.0 <=2.3.1)

global-modules-path NPM version =1.0.0, =0.0.1-canary.49, =0.1.0, =6.4.0, =0.1.0, =8.0.0, =0.0.6, =0.1.0-latest.1a450bb3, =0.1.0, =1.0.0, =0.0.22-alpha.1, =0.1.0, =1.1.3, =0.9.0, =0.0.1, =0.0.2 and more Source cves: CVE-2022-21191 Source advisory: OSV:GHSA-VVJ3-85VF-FGMW...

CVE-2022-21191

CVE-2022-21191 concerns the npm package global-modules-path . Versions prior to 3.0.0 are vulnerable to a Command Injection via the internal getPath function caused by missing input sanitization and sandboxing. The result is a high-risk condition, with confirmed references across multiple sources...

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

CVE-2022-21191

Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function...

PT-2023-12664 · Unknown · Global-Modules-Path

Name of the Vulnerable Software and Affected Versions: global-modules-path versions prior to 3.0.0 Description: The issue is related to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. This allows for potential exploitation...

global-modules-path 安全漏洞

global-modules-path is a utility that returns the path of a global installation package. A security vulnerability exists in global-modules-path versions prior to 3.0.0, which stems from a lack of cleaning of user input or a failure to sandbox the getPath function...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. PoC js var root = require"global-modules-path" root.getPath"& touch JHU","& touch exploit" Remediation Upgrade...

Microweber Information Disclosure Vulnerability

Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in the userfiles/modules/users/controller/controller.php...

ALPINE-CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...