51 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-26280
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks functio...
CVE-2026-45255
When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...
FreeBSD Security Advisory - FreeBSD-SA-26:23.bsdinstall
FreeBSD Security Advisory - When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not...
[SECURITY] Fedora 44 Update: qt6-qtpositioning-6.10.3-1.fc44
The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...
Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals
Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...
CVE-2026-23809
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...
EUVD-2026-9415
A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...
SUSE CVE-2026-26280
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...
CVE-2026-26280
A flaw was found in systeminformation. An attacker can exploit a command injection vulnerability in the wifiNetworks function by providing a specially crafted network interface parameter. This occurs because the parameter is not properly sanitized in a retry mechanism, allowing for the execution ...
DEBIAN-CVE-2026-26280
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...
CVE-2026-26280
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...
CVE-2026-26280
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...
CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...
CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...
CVE-2026-26280
CVE-2026-26280 affects the systeminformation library for Node.js. In versions prior to 5.30.8, wifiNetworks() is vulnerable to command injection: if the initial interface input yields no results, a retry path calls getWifiNetworkListIw(iface) with the original, unsanitized iface value, which is p...
Command Injection
Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the wifiNetworks function. Although the iface parameter is sanitized, it is passed unsanitized to execSync when a timeout triggers a retry. An attack...
GHSA-9C88-49P5-5GGF Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
Summary A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...
Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path
Summary A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...
PT-2026-20782
Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.30.8 Description The software contains a command injection issue in the wifiNetworks function. This allows an attacker to execute arbitrary OS commands through an unsanitized network interface parameter...
EUVD-2020-3437
Malware in sbrugna...