EUVD-2025-25196

Malicious code in bioql PyPI...

Command Injection

screenshot-desktop is vulnerable to command injection. The vulnerability is due to unsanitized user-controlled input being passed into the format option of the screenshot function, which allows an attacker to execute arbitrary commands with the privileges of the calling process...

GHSA-GJX4-2C7G-FM94 screenshot-desktop vulnerable to command Injection via `format` option

Impact This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. An attacker can craft malicious input such as: format: "; echo vulnerable /tmp/hello;" This...

screenshot-desktop vulnerable to command Injection via `format` option

Impact This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. An attacker can craft malicious input such as: format: "; echo vulnerable /tmp/hello;" This...

Arbitrary Command Injection

Overview screenshot-desktop is a Capture a screenshot of your local machine Affected versions of this package are vulnerable to Arbitrary Command Injection via the format option in the Snapshot functions. An attacker can execute arbitrary commands with the privileges of the calling process by...

CVE-2025-55294

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-55294

The CVE-2025-55294 issue affects the screenshot-desktop package. The vulnerability stems from the format option in the Snapshot function, where user-controlled input is interpolated into a shell command without sanitization, enabling arbitrary command execution with the caller’s privileges. Repor...

screenshot-desktop 命令注入漏洞

screenshot-desktop is a screenshot software by the individual developer Ben Evans. A command injection vulnerability exists in screenshot-desktop that stems from the format option not being cleaned of user input, which could lead to command injection...

PT-2025-33818 · Unknown · Screenshot-Desktop

Name of the Vulnerable Software and Affected Versions: screenshot-desktop versions prior to 1.15.2 Description: screenshot-desktop is susceptible to a command injection issue. User-controlled input provided to the format option of the screenshot function is interpolated into a shell command witho...

GHSA-8M2F-74R2-X3F2 Code injection in accesslog

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

CVE-2022-25760

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

CVE-2022-25760

All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package's exported constructor function, it is possible for an attacker to...

Arbitrary Code Injection

Overview accesslog is a simple common/combined access log middleware Affected versions of this package are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If attacker-controlled user input is given to the format option of the package...