Lucene search
K

209 matches found

vulnersOsv
vulnersOsv
added 2026/06/01 2:12 p.m.7 views

@vitest/browser-playwright (>=5.0.0-beta.1 <=5.0.0-beta.2), @vitest/browser-preview (>=5.0.0-beta.1 <=5.0.0-beta.2) +1 more potentially affected by CVE-2026-47428 via @vitest/browser (>=5.0.0-beta.1 <=5.0.0-beta.2)

@vitest/browser NPM version =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.2 Source cves: CVE-2026-47428 Source advisory: SNYK:JS-VITESTBROWSER-17120486...

5.4AI score0.0005EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 2:12 p.m.10 views

@vitest/browser-playwright (>=5.0.0-beta.1 <=5.0.0-beta.2), @vitest/browser-preview (>=5.0.0-beta.1 <=5.0.0-beta.2) +1 more potentially affected by CVE-2026-47428 via @vitest/browser (>=5.0.0-beta.1 <=5.0.0-beta.2)

@vitest/browser NPM version =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.2 Source cves: CVE-2026-47428 Source advisory: OSV:GHSA-2H32-95RG-CPPP...

5.4AI score0.0005EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/21 3:41 p.m.14 views

CVE-2026-25244

A flaw was found in WebdriverIO. A remote attacker can exploit a command injection vulnerability by crafting a malicious Git repository with a specially named branch. This branch name, containing shell metacharacters, is unsafely processed during test orchestration. This allows for remote code...

9.8CVSS6.3AI score0.02799EPSS
Exploits1References6
NVD
NVD
added 2026/05/18 9:16 p.m.18 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS0.02799EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/05/18 8:31 p.m.43 views

CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS0.02799EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:31 p.m.7 views

CVE-2026-25244

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/05/18 8:31 p.m.12 views

EUVD-2026-30805

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References3
OSV
OSV
added 2026/05/18 8:31 p.m.2 views

CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS7.9AI score0.02799EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/05/18 8:31 p.m.8 views

CVE-2026-25244 WebdriverIO has Command Injection in the BrowserStack Service

WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions below 9.24.0 contain a command injection vulnerability leading to remote code execution RCE in test orchestration. Git permits branch names containing shell...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References3
CVE
CVE
added 2026/05/18 8:31 p.m.35 views

CVE-2026-25244

CVE-2026-25244 affects WebdriverIO versions below 9.24.0, specifically the @wdio/browserstack-service during test orchestration. The root cause is user-controlled git branch names being interpolated directly into execSync() calls within getGitMetadataForAISelection() without sanitization, enablin...

9.8CVSS6.6AI score0.02799EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.11 views

webdriverio 操作系统命令注入漏洞

WebdriverIO is an open-source automation testing framework for browsers and mobile devices developed by WebdriverIO. Versions of WebdriverIO prior to 9.24.0 had a vulnerability related to operating system command injection. This vulnerability stemmed from the getGitMetadataForAISelection function...

9.8CVSS6.2AI score0.02799EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/05/11 5:53 p.m.7 views

@elliemae/pui-e2e-test-sdk (>=11.0.0 <=12.2.0), froth-webdriverio-framework (>=9.0.5-ytlc3.0 <=9.0.5-ytlc7.0) potentially affected by CVE-2026-25244 via @wdio/browserstack-service (>=9.12.7 <=9.23.0)

@wdio/browserstack-service NPM version =9.12.7, =11.0.0, =9.0.5-ytlc3.0, =9.0.5-ytlc7.0 Source cves: CVE-2026-25244 Source advisory: SNYK:JS-WDIOBROWSERSTACKSERVICE-16642116...

9.8CVSS5.8AI score0.02799EPSS
Exploits1
Snyk
Snyk
added 2026/05/11 5:53 p.m.10 views

Command Injection

Overview @wdio/browserstack-service is a WebdriverIO service for better Browserstack integration Affected versions of this package are vulnerable to Command Injection via the getGitMetadataForAISelection function. An attacker can execute arbitrary commands on the host system by supplying a...

9.8CVSS6.1AI score0.02799EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/11 5:53 p.m.16 views

WebdriverIO BrowserStack Service has a Command Injection issue

Summary A command injection vulnerability exists in @wdio/browserstack-service that allows remote code execution RCE when processing git branch names in test orchestration. An attacker can exploit this by providing a malicious git repository with a branch name containing shell command injection...

9.8CVSS6.4AI score0.02799EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39872

Name of the Vulnerable Software and Affected Versions WebdriverIO versions prior to 9.24.0 Description A command injection issue exists in the test orchestration of WebdriverIO, specifically within the @wdio/browserstack-service module. The function getGitMetadataForAISelection interpolates git...

9.8CVSS7.9AI score0.02799EPSS
Exploits1References18
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 4:31 p.m.9 views

Malicious code in @postman/wdio-junit-reporter (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3ac6f5998a89d257823fdf6368153d30126e695eb96b8ba6a5cd500fe661b8f8 The package @postman/wdio-junit-reporter was found to contain malicious code. Source: google-open-source-security...

6.9AI score
Exploits0References3
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-180269

Malicious code in async-graviton-webdriverio-quantum npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-175434

Malicious code in yonder-webdriverio-lynx-blackhole npm...

6.6AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.3 views

MAL-2025-187896 Malicious code in magellan-astro-webdriverio-enceladus (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 956002abb27a2f289c68e054e9fd9ee1991e2691200e686d03be1ff32801893e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/13 3:23 a.m.4 views

MAL-2025-186627 Malicious code in dotenv-safe-vortex-meissa-webdriverio (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 90fb944cc269795d653356deba7764bb80e34801218d14654f3434c39296c5c2 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8AI score
Exploits0
Rows per page
Query Builder