102 matches found
CLSA-2026-1778820779 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
CLSA-2026-1778828497 tar: Fix of CVE-2023-39804
CVE-2023-39804: fix crash on PAX archive with malformed extended header attributes in locatehandler and xattrdecoder...
Dagu has an incomplete fix for CVE-2026-27598: path traversal via %2F-encoded slashes in locateDAG
The fix for CVE-2026-27598 (commit e2ed589, PR 1691) added ValidateDAGName to CreateNewDAG and rewrote generateFilePath to use filepath.Base. This patched the CREATE path. The remaining API endpoints (GET, DELETE, RENAME, EXECUTE) all pass the fileName URL path parameter to locateDAG without...
CVE-2026-2448 Page Builder by SiteOrigin <= 2.33.5 - Authenticated (Contributor+) Local File Inclusion
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locatetemplate function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary fil...
SUSE CVE-2026-26318
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
DEBIAN-CVE-2026-26318
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
CVE-2026-26318
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
CVE-2026-26318
The CVE-2026-26318 issue affects the systeminformation package for Node.js: versions prior to 5.31.0 are vulnerable to local command injection via unsanitized output from the locate command in versions(). Version 5.31.0 fixes the issue. Root has patched the vulnerability in @rootio/systeminformat...
CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
CVE-2026-26318
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
CVE-2026-26318 systeminformation has Command Injection via Unsanitized `locate` Output in `versions()`
systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...
systeminformation OS command injection vulnerability
systeminformation is an npm library developed by Sebastian Hildebrandt that provides access to operating system information. Versions of systeminformation prior to 5.31.0 contain an operating system command injection vulnerability, caused by unsanitized locate output in the versions...
Command Injection
Overview: systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the versions function, which executes a locate command to find a PostgreSQL installation on Linux. An attacker who can write files to the target...
GHSA-5VV4-HVF7-2H46 Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation
Command Injection via Unsanitized locate Output in versions — systeminformation | Package: systeminformation npm | Tested Version: 5.30.7 | Affected Platform: Linux | Author: Sebastian Hildebrandt | Weekly Downloads: 5,000,000+ | Repository: https://github.com/sebhildebrandt/systeminformation | Severity: Mediu...
Command Injection via Unsanitized `locate` Output in `versions()` — systeminformation
Command Injection via Unsanitized locate Output in versions — systeminformation | Package: systeminformation npm | Tested Version: 5.30.7 | Affected Platform: Linux | Author: Sebastian Hildebrandt | Weekly Downloads: 5,000,000+ | Repository: https://github.com/sebhildebrandt/systeminformation | Severity: Mediu...
PT-2026-20783
Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.31.0. Description: The systeminformation library for node.js is susceptible to command injection through unsanitized output from the locate command within the versions function. This occurs when detecting th...
MAL-2026-752 Malicious code in locate-path_updated (npm)
Source: amazon-inspector f73581936729923d61e5195115627693c9929bc048b9900da7dee76db9b6b37b. The package locate-path_updated was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: locate-path_updated is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in locate-path_updated (npm)
Source: amazon-inspector f73581936729923d61e5195115627693c9929bc048b9900da7dee76db9b6b37b. The package locate-path_updated was found to contain malicious code. Source: ghsa-malware...