189 matches found

Debian CVE
added 2026/05/27 7:26 p.m. | 11 views

CVE-2026-44724

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained...

7.8 CVSS | 5.8 AI score | 0.0062 EPSS
Exploits: 0
OSV
added 2026/05/13 3:29 p.m. | 5 views

GHSA-HVX9-HWR7-WJJ9 Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

Summary: On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...

7.8 CVSS | 6.3 AI score | 0.0062 EPSS
Exploits: 0 | References: 4
vulnersOsv
added 2026/05/13 3:29 p.m. | 9 views

@abtnode/core (>=1.0.15 <=1.1.9), @agentuity/evals (>=0.0.104 <=2.0.26) +718 more potentially affected by CVE-2026-44724 via systeminformation (>=4.1.5 <=5.31.5)

systeminformation NPM version =4.1.5, =1.0.15, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =3.0.0-next.12, =1.0.0, =2.0.0 and more Source cves: CVE-2026-44724 Source advisory:...

7.8 CVSS | 5.7 AI score | 0.0062 EPSS
Exploits: 0
vulnersOsv
added 2026/05/13 3:29 p.m. | 13 views

@abtnode/core (>=1.0.15 <=1.1.9), @agentuity/evals (>=0.0.104 <=2.0.26) +718 more potentially affected by CVE-2026-44724 via systeminformation (>=4.1.5 <=5.31.5)

systeminformation NPM version =4.1.5, =1.0.15, =0.0.104, =3.0.0-alpha.0, =0.0.6, =0.0.63, =0.0.2, =3.0.0-alpha.0, =0.1.1, =0.1.1, =4.1.0, =4.0.0-devnet.2-patch.0, =0.0.1-2.1-beta-provision, =3.0.0-next.12, =1.0.0, =2.0.0 and more Source cves: CVE-2026-44724 Source advisory: OSV:GHSA-HVX9-HWR7-WJJ...

7.8 CVSS | 5.7 AI score | 0.0062 EPSS
Exploits: 0
Snyk
added 2026/05/13 3:29 p.m. | 6 views

Command Injection

Overview: systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection in the networkInterfaces function when handling NetworkManager connection profile names obtained from nmcli device status output. An attacker can execute...

8.5 CVSS | 6 AI score | 0.0062 EPSS
Exploits: 0 | References: 2
Patchstack
added 2026/05/13 3:29 p.m. | 8 views

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

NPM: Systeminformation vulnerable to Linux command injection in networkInterfaces via unsanitized NetworkManager connection profile name vulnerability discovered by ? in WordPress Npm systeminformation versions = 4.17.0, = 5.31.5...

7.8 CVSS | 5.8 AI score | 0.0062 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2026/05/13 3:29 p.m. | 10 views

Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name

Summary: On Linux, systeminformation is vulnerable to command injection in networkInterfaces when an active NetworkManager connection profile name contains shell metacharacters. This is not caused by a caller passing attacker-controlled arguments into networkInterfaces. The vulnerable value is...

7.8 CVSS | 6.3 AI score | 0.0062 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/05/13 12:0 a.m. | 16 views

PT-2026-40714

Name of the Vulnerable Software and Affected Versions: systeminformation versions 4.17.0 through 5.31.5
Description: On Linux, the library is subject to command injection within the networkInterfaces function. This occurs when an active NetworkManager connection profile name contains shell...

7.8 CVSS | 6 AI score | 0.0062 EPSS
Exploits: 0 | References: 19
Circl
added 2026/05/07 7:37 p.m. | 9 views

CVE-2026-44724

creationtimestamp | type | source
---|---|---
2026-05-07 19:37:55+00:00 | published-proof-of-concept | https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9
2026-05-28 05:01:13+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mmvaizrzqz26...

7.8 CVSS | 5.7 AI score | 0.0062 EPSS
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/05/01 11:49 a.m. | 4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318.

Summary: IBM Maximo Application Suite - Monitor Component uses systeminformation-5.28.5.tgz, systeminformation-5.28.6.tgz, systeminformation-5.28.7.tgz which is vulnerable to CVE-2026-26280, CVE-2026-26318. This bulletin contains information addressing the vulnerability.
Vulnerability Details...

8.8 CVSS | 6.3 AI score | 0.01233 EPSS
Exploits: 2 | Affected Software: 1
Veracode
added 2026/02/24 12:46 p.m. | 7 views

OS Command Injection

systeminformation is vulnerable to OS Command Injection. The vulnerability is due to direct concatenation of the user-supplied drive parameter into a PowerShell command in the fsSize function without proper sanitization, which allows an attacker to execute arbitrary commands on Windows systems wh...

8.1 CVSS | 6 AI score | 0.12863 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
SUSE CVE
added 2026/02/21 12:24 a.m. | 4 views

SUSE CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4 CVSS | 6.3 AI score | 0.01233 EPSS
Exploits: 1 | References: 3
SUSE CVE
added 2026/02/21 12:24 a.m. | 5 views

SUSE CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8 CVSS | 5.8 AI score | 0.0115 EPSS
Exploits: 1 | References: 3
OSV
added 2026/02/19 8:25 p.m. | 4 views

DEBIAN-CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8 CVSS | 5.8 AI score | 0.0115 EPSS
Exploits: 1 | References: 1
NVD
added 2026/02/19 8:25 p.m. | 7 views

CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8 CVSS | 0.0115 EPSS
Exploits: 1 | References: 5
OSV
added 2026/02/19 8:25 p.m. | 5 views

DEBIAN-CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

7.8 CVSS | 6.2 AI score | 0.01233 EPSS
Exploits: 1 | References: 1
NVD
added 2026/02/19 8:25 p.m. | 6 views

CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4 CVSS | 0.01233 EPSS
Exploits: 1 | References: 5
OSV
added 2026/02/19 8:25 p.m. | 5 views

UBUNTU-CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4 CVSS | 6.2 AI score | 0.01233 EPSS
Exploits: 1 | References: 2
OSV
added 2026/02/19 8:25 p.m. | 4 views

UBUNTU-CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8 CVSS | 5.3 AI score | 0.0115 EPSS
Exploits: 1 | References: 2
CVE
added 2026/02/19 7:48 p.m. | 16 views

CVE-2026-26318

The CVE-2026-26318 issue affects the systeminformation package for Node.js: versions prior to 5.31.0 are vulnerable to local command injection via unsanitized output from the locate command in versions(). Version 5.31.0 fixes the issue. Root has patched the vulnerability in @rootio/systeminformat...

8.8 CVSS | 5.5 AI score | 0.0115 EPSS
Exploits: 1 | References: 5 | Affected Software: 1