Lucene search
K

51 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-26280

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks functio...

8.4CVSS6.2AI score0.01233EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:27 a.m.7 views

CVE-2026-45255

When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by...

7.5CVSS6AI score0.00305EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/20 12:0 a.m.11 views

FreeBSD Security Advisory - FreeBSD-SA-26:23.bsdinstall

FreeBSD Security Advisory - When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog1 to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not...

7.5CVSS5.9AI score0.00305EPSS
Exploits0
Fedora
Fedora
added 2026/04/25 1:55 a.m.6 views

[SECURITY] Fedora 44 Update: qt6-qtpositioning-6.10.3-1.fc44

The Qt Positioning APIs gives developers the ability to determine a position by using a variety of possible sources, including satellite, or wifi, or text file, and so on...

5.3AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/26 12:0 a.m.4 views

Usability of Passwordless Authentication in Wi-Fi Networks: A Comparative Study of Passkeys and Passwords in Captive Portals

Passkeys have recently emerged as a passwordless authentication mechanism, yet their usability in captive portals remains unexplored. This paper presents an empirical, comparative usability study of passkeys and passwords in a Wi-Fi hotspot using a captive portal. We conducted a controlled...

5.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/05 7:31 p.m.5 views

CVE-2026-23809

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

7.6CVSS5.8AI score0.00259EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/04 6:31 p.m.6 views

EUVD-2026-9415

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

5.4CVSS5.8AI score0.00259EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/02/21 12:24 a.m.5 views

SUSE CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4CVSS6.3AI score0.01233EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/20 4:1 p.m.6 views

CVE-2026-26280

A flaw was found in systeminformation. An attacker can exploit a command injection vulnerability in the wifiNetworks function by providing a specially crafted network interface parameter. This occurs because the parameter is not properly sanitized in a retry mechanism, allowing for the execution ...

8.4CVSS6.1AI score0.01233EPSS
Exploits1References5
OSV
OSV
added 2026/02/19 8:25 p.m.6 views

DEBIAN-CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

7.8CVSS6.2AI score0.01233EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 8:25 p.m.7 views

CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4CVSS0.01233EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/02/19 7:43 p.m.7 views

CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4CVSS6.4AI score0.01233EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/19 7:43 p.m.28 views

CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4CVSS0.01233EPSS
Exploits1References2
CVE
CVE
added 2026/02/19 7:43 p.m.18 views

CVE-2026-26280

CVE-2026-26280 affects the systeminformation library for Node.js. In versions prior to 5.30.8, wifiNetworks() is vulnerable to command injection: if the initial interface input yields no results, a retry path calls getWifiNetworkListIw(iface) with the original, unsanitized iface value, which is p...

8.4CVSS6.3AI score0.01233EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2026/02/19 7:43 p.m.9 views

CVE-2026-26280

systeminformation is a System and OS information library for node.js. In versions prior to 5.30.8, a command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. In...

8.4CVSS6.2AI score0.01233EPSS
Exploits1
Snyk
Snyk
added 2026/02/18 9:51 p.m.3 views

Command Injection

Overview systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the wifiNetworks function. Although the iface parameter is sanitized, it is passed unsanitized to execSync when a timeout triggers a retry. An attack...

8.4CVSS6.1AI score0.01233EPSS
Exploits1References2
OSV
OSV
added 2026/02/18 9:51 p.m.3 views

GHSA-9C88-49P5-5GGF Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

Summary A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...

8.4CVSS6.5AI score0.01233EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/18 9:51 p.m.7 views

Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path

Summary A command injection vulnerability in the wifiNetworks function allows an attacker to execute arbitrary OS commands via an unsanitized network interface parameter in the retry code path. Details In lib/wifi.js, the wifiNetworks function sanitizes the iface parameter on the initial call lin...

8.4CVSS6.5AI score0.01233EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.5 views

PT-2026-20782

Name of the Vulnerable Software and Affected Versions systeminformation versions prior to 5.30.8 Description The software contains a command injection issue in the wifiNetworks function. This allows an attacker to execute arbitrary OS commands through an unsanitized network interface parameter...

8.4CVSS6.2AI score0.01233EPSS
Exploits1References16
EUVD
EUVD
added 2025/10/07 12:30 a.m.17 views

EUVD-2020-3437

Malware in sbrugna...

9CVSS8.6AI score0.10949EPSS
Exploits7References5
Rows per page
Query Builder