CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/27 8:16 p.m.•6 views

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8CVSS0.00055EPSS

Cvelist•added 2026/05/27 7:26 p.m.•35 views

CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

7.8CVSS0.00055EPSS

Vulnrichment•added 2026/05/27 7:26 p.m.•4 views

CVE-2026-44724 systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

ATTACKERKB•added 2026/05/27 7:26 p.m.•3 views

CVE-2026-44724

Exploits0References2Affected Software1

CVE•added 2026/05/27 7:26 p.m.•8 views

CVE-2026-44724

CVE-2026-44724 affects the node.js library systeminformation (Linux) from versions 4.17.0 through 5.31.5. The issue is a command-injection flaw in networkInterfaces() caused by unsanitized NetworkManager connection profile names being interpolated into shell commands executed via execSync(), afte...

CNNVD•added 2026/05/27 12:0 a.m.•5 views

systeminformation 操作系统命令注入漏洞

SystemInformation is a NPM software library developed by Sebastian Hildebrandt, which allows access to operating system information. Versions of SystemInformation from 4.17.0 to 5.31.5 contain a vulnerability related to operating system command injection. This vulnerability arises on Linux when t...

OSV•added 2026/05/21 10:54 a.m.•5 views

MAL-2026-4635 Malicious code in payment-account-input-selector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 12187e6fb4ae4d3a411cea0c3ec8b995e1091a9cf78219db9fbcdac87540aabf On npm install, preinstall.js collects hostname, username, platform, cwd, timestamp, and a full dump of os.networkInterfaces and HTTP-GETs them as...

5.8AI score

Snyk•added 2026/05/13 3:29 p.m.•3 views

Command Injection

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection in the networkInterfaces function when handling NetworkManager connection profile names obtained from nmcli device status output. An attacker can execute...

8.5CVSS6AI score0.00055EPSS

Patchstack•added 2026/05/13 3:29 p.m.•2 views

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces via unsanitized NetworkManager connection profile name vulnerability discovered by ? in WordPress Npm systeminformation versions = 4.17.0, = 5.31.5...

Exploits0References3Affected Software1

RedhatCVE•added 2026/05/06 10:52 p.m.•5 views

CVE-2026-43239

A flaw was found in the Linux kernel's Server Message Block SMB client. A race condition exists where multiple operations attempting to update network interfaces could execute simultaneously. This concurrency issue could lead to an inconsistent state within the SMB client, potentially causing...

8.8CVSS5.8AI score0.00043EPSS

Exploits0References4

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в linux

In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed a use-after-free in nfs4initclient. KASAN reports a use-after-free when attempting to mount two different exports through two different NICs that belong to the same server. Olga was able to exploit this issue with...

7.5CVSS6.5AI score0.0008EPSS

SUSE CVE•added 2026/05/01 2:5 a.m.•2 views

SUSE CVE-2026-31692

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...

5.7AI score0.00015EPSS

EUVD•added 2026/04/30 10:34 a.m.•1 views

EUVD-2026-26363

5.5AI score0.00015EPSS

Exploits0References3

Fedora•added 2026/03/25 12:56 a.m.•2 views

[SECURITY] Fedora 44 Update: containernetworking-plugins-1.9.1-1.fc44

Reference and example networking plugins, maintained by the CNI team. The CNI Container Network Interface project consists of a specification and libraries for writing plugins to configure network interfaces in Linux containers, along with a number of supported plugins. CNI concerns itself only...

7.5CVSS7AI score0.00016EPSS

Exploits1

OSV•added 2026/01/26 9:30 p.m.•1 views

GHSA-25MH-HP8X-CGRV KubeVirt Guest Agent DoS via Excessive Network Interface Reports

A flaw was found in KubeVirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

Github Security Blog•added 2026/01/26 9:30 p.m.•4 views

Exploits0References5

KubeVirt Guest Agent DoS via Excessive Network Interface Reports

Exploits0References5Affected Software1

NVD•added 2026/01/26 8:16 p.m.•2 views

CVE-2025-14525

A flaw was found in kubevirt. A user within a virtual machine VM, if the guest agent is active, can exploit this by causing the agent to report an excessive number of network interfaces. This action can overwhelm the system's ability to store VM configuration updates, effectively blocking changes...

6.4CVSS0.00029EPSS

EUVD•added 2026/01/26 7:36 p.m.•5 views

EUVD-2025-206339

ATTACKERKB•added 2026/01/26 7:36 p.m.•4 views

CVE-2025-14525