EUVD-2025-25196

Malicious code in bioql PyPI...

CVE-2025-55294

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

electron-staff (=1.0.0), https-curl (=1.7.9) +2 more potentially affected by CVE-2025-55294 via screenshot-desktop (>=0.0.0-development <=1.15.1)

screenshot-desktop NPM version =0.0.0-development, =1.0.0, =1.0.1 Source cves: CVE-2025-55294 Source advisory: OSV:GHSA-GJX4-2C7G-FM94...

screenshot-desktop vulnerable to command Injection via `format` option

Impact This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. An attacker can craft malicious input such as: format: "; echo vulnerable /tmp/hello;" This...

Arbitrary Command Injection

Overview screenshot-desktop is a Capture a screenshot of your local machine Affected versions of this package are vulnerable to Arbitrary Command Injection via the format option in the Snapshot functions. An attacker can execute arbitrary commands with the privileges of the calling process by...

https-curl (=1.7.9), multi-installer (=0.0.1) +1 more potentially affected by CVE-2025-55294 via screenshot-desktop (>=1.15.0 <=1.15.1)

screenshot-desktop NPM version =1.15.0, =1.0.0, =1.0.1 Source cves: CVE-2025-55294 Source advisory: SNYK:JS-SCREENSHOTDESKTOP-12028632...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-55294

The CVE-2025-55294 issue affects the screenshot-desktop package. The vulnerability stems from the format option in the Snapshot function, where user-controlled input is interpolated into a shell command without sanitization, enabling arbitrary command execution with the caller’s privileges. Repor...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

CVE-2025-55294 Command Injection via `format` option in screenshot-desktop

screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary...

screenshot-desktop 命令注入漏洞

screenshot-desktop is a screenshot software by the individual developer Ben Evans. A command injection vulnerability exists in screenshot-desktop that stems from the format option not being cleaned of user input, which could lead to command injection...

PT-2025-33818 · Unknown · Screenshot-Desktop

Name of the Vulnerable Software and Affected Versions: screenshot-desktop versions prior to 1.15.2 Description: screenshot-desktop is susceptible to a command injection issue. User-controlled input provided to the format option of the screenshot function is interpolated into a shell command witho...