Lucene search
K

244 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42855

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-41880

R-SOFT DMS is vulnerable to OS Command Injection in the Optical Character Recognition OCR module. Multiple command execution functions accept user-controllable file paths without proper sanitization before passing them to the system shell via SSH. In current infrastructure the URL encoding...

9CVSS6.2AI score0.01331EPSS
Exploits0References2
CVE
CVE
added 5 days ago9 views

CVE-2026-41880

CVE-2026-41880: R-SOFT DMS OCR module is vulnerable to OS Command Injection via unsanitized user-controllable file paths passed to the system shell through SSH. An authenticated attacker triggering OCR on an uploaded file can execute commands as root. The issue is mitigated by fixes in v3.19-2862...

9CVSS6.2AI score0.01331EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 2:39 p.m.15 views

MAL-2026-4821 Malicious code in pywingui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6db77876bf3b13e55750748761841f7ab77f17bd951bdc1c749e1e56d4416d7e pywingui 6.0.1 advertises itself as a Win32 UI automation framework but ships only Nuitka-compiled cp311-win32.pyd binaries the 4.py files are trivia...

5.8AI score
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 1:31 a.m.12 views

Malicious code in carvus-lens (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector be2182b552b0a8359f3314078d48310cfcd57738e1934aacf00ac8775a32cfe0 carvus-lens is a screen-capture/OCR Electron-style tool whose advertised 'Ask AI', 'Translate', and 'Search' features silently route user-selected...

6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 8:21 p.m.11 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/07 3:38 p.m.11 views

NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM: node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js vulnerability discovered by ? in WordPress Npm node-ts-ocr versions 1.0.15...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/07 3:38 p.m.5 views

stats-fr-emarque-basketball-extractor (>=1.0.0 <=1.0.2) potentially affected by CVE-2025-63705 via node-ts-ocr (=1.0.15)

node-ts-ocr NPM version =1.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on node-ts-ocr and may be impacted: - stats-fr-emarque-basketball-extractor =1.0.0, =1.0.2 Source cves: CVE-2025-63705 Source advisory: OSV:GHSA-8JH2-3MW6-6PFM...

8.8CVSS5.8AI score0.01185EPSS
Exploits0
EUVD
EUVD
added 2026/05/07 3:38 p.m.10 views

EUVD-2025-209722

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

5.8AI score0.01185EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 3:38 p.m.16 views

node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/07 3:38 p.m.6 views

GHSA-8JH2-3MW6-6PFM node-ts-ocr is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/07 3:27 p.m.11 views

Command Injection

Overview node-ts-ocr is an A simple wrapper around command-line utils to assist in PDF / Image OCR Optical Character Recognition processing using Tesseract. Affected versions of this package are vulnerable to Command Injection via the invokeImageOcr function. An attacker can execute arbitrary...

9.8CVSS6AI score0.01185EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/07 3:27 p.m.7 views

stats-fr-emarque-basketball-extractor (>=1.0.0 <=1.0.2) potentially affected by CVE-2025-63705 via node-ts-ocr (=1.0.15)

node-ts-ocr NPM version =1.0.15 is affected by a known vulnerability. The following packages have a transitive dependency on node-ts-ocr and may be impacted: - stats-fr-emarque-basketball-extractor =1.0.0, =1.0.2 Source cves: CVE-2025-63705 Source advisory: SNYK:JS-NODETSOCR-16787371...

8.8CVSS5.4AI score0.01185EPSS
Exploits0
NVD
NVD
added 2026/05/07 3:16 p.m.11 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

8.8CVSS0.01185EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Node Typescript OCR 安全漏洞

Node Typescript OCR is a command-line PDF and image OCR processing tool developed by Nicolas Pearson. Version 1.0.15 of Node Typescript OCR contains a security vulnerability, which stems from the invokeImageOcr function in src/index.js, where OS command injection occurs...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/07 12:0 a.m.8 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

5.8AI score0.01185EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/07 12:0 a.m.7 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

5.8AI score0.01185EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 12:0 a.m.14 views

CVE-2025-63705

The CVE-2025-63705 entry concerns the NPM package node-ts-ocr version 1.0.15, with a reported OS Command Injection via the invokeImageOcr function in src/index.js. The vulnerability is described as enabling arbitrary command execution with a network attack vector, as indicated by the CVSS 3.1 met...

8.8CVSS5.8AI score0.01185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/07 12:0 a.m.36 views

CVE-2025-63705

NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js...

0.01185EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/04/27 12:0 a.m.164 views

📄 node-tesseract-ocr 2.2.1 Command Injection

In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...

9.8CVSS5.4AI score0.01706EPSS
Exploits3
Rows per page
Query Builder