Lucene search
K

100 matches found

NVD
NVD
added 2021/04/18 7:15 p.m.32 views

CVE-2021-23378

This affects all versions of package picotts. If attacker-controlled user input is given to the say function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS0.01943EPSS
Exploits1References2
NVD
NVD
added 2021/04/18 7:15 p.m.23 views

CVE-2021-23376

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS0.01943EPSS
Exploits1References2
Prion
Prion
added 2021/04/18 7:15 p.m.16 views

Input validation

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

7.5CVSS9.7AI score0.01336EPSS
Exploits1References2
Prion
Prion
added 2021/04/18 7:15 p.m.21 views

Input validation

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

7.5CVSS9.7AI score0.01336EPSS
Exploits1References2
Prion
Prion
added 2021/04/18 7:15 p.m.27 views

Design/Logic Flaw

This affects all versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input...

7.5CVSS7.4AI score0.01151EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/04/18 6:40 p.m.43 views

CVE-2021-23375 Arbitrary Command Injection

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

7.3CVSS9.9AI score0.01336EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/04/18 6:40 p.m.36 views

CVE-2021-23376 Arbitrary Command Injection

This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS9.9AI score0.01943EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/04/18 6:40 p.m.19 views

CVE-2021-23377 Arbitrary Command Injection

This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

9.8CVSS9.9AI score0.02972EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2021/04/13 3:32 p.m.47 views

Arbitrary code execution in kill-by-port

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

8.8CVSS4.3AI score0.01765EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/04/13 3:32 p.m.23 views

GHSA-MM4F-47CH-F7HX Arbitrary code execution in kill-by-port

This affects the package kill-by-port before 0.0.2. If attacker-controlled user input is given to the killByPort function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

6.3CVSS8.9AI score0.01765EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/04/13 3:20 p.m.57 views

Code injection in port-killer

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

8.8CVSS4.9AI score0.01654EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2021/04/13 3:20 p.m.18 views

GHSA-2548-Q746-X5X6 Code injection in port-killer

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

7.5CVSS9AI score0.01654EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/04/13 3:16 p.m.26 views

Command Injection in killport

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

8.8CVSS3AI score0.0234EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/03/31 3:15 p.m.11 views

CVE-2021-23348

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

8.8CVSS7.5AI score
Exploits0References4
NVD
NVD
added 2021/03/31 3:15 p.m.9 views

CVE-2021-23348

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

8.8CVSS0.0182EPSS
Exploits1References4
Cvelist
Cvelist
added 2021/03/31 2:25 p.m.19 views

CVE-2021-23348 Arbitrary Command Injection

This affects the package portprocesses before 1.0.5. If attacker-controlled user input is given to the killProcess function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization...

6.3CVSS9.2AI score0.0182EPSS
Exploits1References4
NVD
NVD
added 2021/03/21 4:15 p.m.23 views

CVE-2021-23360

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

8.8CVSS0.0234EPSS
Exploits1References3
Cvelist
Cvelist
added 2021/03/21 3:45 p.m.30 views

CVE-2021-23360 Arbitrary Command Injection

This affects the package killport before 1.0.2. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization. Running this PoC will cause the command touch success to be...

7.5CVSS9.2AI score0.0234EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/03/19 9:32 p.m.64 views

total.js Remote Code Execution Vulnerability

total.js is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. It can be used as web, desktop, service or IoT application. Affected versions of this package are vulnerable to Remote Code Execution RCE via set. PoC js // To be ru...

9.8CVSS9.3AI score0.04787EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2021/03/19 9:19 p.m.63 views

Command Injection in ps-kill

This affects all versions of package ps-kill. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the childprocess exec function without input sanitization in the index.js file. PoC provided by...

9.8CVSS9.3AI score0.01201EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder