9 matches found

NVD
added 2026/02/19 8:25 p.m. | 4 views

CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8 CVSS | 0.0002 EPSS
Exploits: 1 | References: 2

Debian CVE
added 2026/02/19 7:48 p.m. | 4 views

CVE-2026-26318

systeminformation is a System and OS information library for node.js. Versions prior to 5.31.0 are vulnerable to command injection via unsanitized locate output in versions. Version 5.31.0 fixes the issue...

8.8 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 1

CNNVD
added 2026/02/19 12:0 a.m. | 4 views

systeminformation operating system command injection vulnerability

SystemInformation is a NPM library developed by Sebastian Hildebrandt that allows access to operating system information. Versions of SystemInformation prior to 5.31.0 contained a vulnerability related to operating system command injection, caused by uncleaned locate output in the versions...

8.8 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 1 | References: 2

RedhatCVE
added 2025/06/01 6:35 a.m. | 4 views

CVE-2025-48889

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...

5.3 CVSS | 7 AI score | 0.01469 EPSS
Exploits: 1 | References: 1

PyPA
added 2025/05/30 6:15 a.m. | 5 views

PYSEC-2025-119

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...

7.5 CVSS | 7.3 AI score | 0.01469 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/05/30 6:12 a.m. | 8 views

CVE-2025-48889 Gradio Allows Unauthorized File Copy via Path Manipulation

Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version 5.31.0, an arbitrary file copy vulnerability in Gradio's flagging feature allows unauthenticated attackers to copy a...

5.3 CVSS | 5.5 AI score | 0.01469 EPSS
Exploits: 1 | References: 1

NVD
added 2025/03/27 2:15 p.m. | 6 views

CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

6.1 CVSS | 0.00417 EPSS
Exploits: 1 | References: 4

CVE
added 2025/03/27 1:51 p.m. | 58 views

CVE-2025-26619

Vega (Node) and Vega‑functions prior to versions 5.31.0/5.16.0 allow calling JavaScript functions from the Vega expression language that were not meant to be supported. This is the CVE-2025-26619 issue; the root cause is exposure of arbitrary JS execution through the expression interpreter. The v...

6.1 CVSS | 6.9 AI score | 0.00417 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2023/07/18 12:0 a.m. | 1 views

Tildeslash Monit security vulnerability

Tildeslash Monit is a small open source utility for managing and monitoring Unix and Linux systems from Tildeslash Norway. A security vulnerability exists in Tildeslash Monit versions prior to 5.31.0, which stems from a vulnerability that allows a remote attacker to gain escalated privileges due ...

8.8 CVSS | 7.9 AI score | 0.00669 EPSS
Exploits: 0 | References: 5