15 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-68154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS...
OS Command Injection
systeminformation is vulnerable to OS Command Injection. The vulnerability is due to direct concatenation of the user-supplied drive parameter into a PowerShell command in the fsSize function without proper sanitization, which allows an attacker to execute arbitrary commands on Windows systems wh...
EUVD-2025-203835
systeminformation has a Command Injection vulnerability in fsSize function on Windows...
systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Summary The fsSize function in systeminformation is vulnerable to OS Command Injection CWE-78 on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the fsSize function when the drive parameter is concatenated into a PowerShell command without proper sanitization. An attacker can execute arbitrary...
GHSA-WPHJ-FX3Q-84CH systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Summary The fsSize function in systeminformation is vulnerable to OS Command Injection CWE-78 on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
DEBIAN-CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154
The CVE-2025-68154 issue affects the systeminformation library for Node.js, where fsSize() on Windows unsafely concatenates the drive parameter into a PowerShell command, enabling OS command injection. The vulnerability is documented as high severity (CVSS 8.1) with potential for arbitrary comman...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
systeminformation 操作系统命令注入漏洞
systeminformation is an Npm repository for obtaining operating system information by Sebastian Hildebrandt, an individual developer. An OS command injection vulnerability exists in systeminformation versions prior to 5.27.14, which stems from an OS command injection vulnerability in the fsSize...
PT-2025-51775
systeminformation and Affected Versions systeminformation versions prior to 5.27.14 Description The fsSize function within the systeminformation Node.js library is susceptible to OS command injection on Windows systems. The optional drive parameter is directly incorporated into a PowerShell comma...