Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
πŸ”₯ Daily Hot!
πŸ’ͺ🏽 CPE Enhanced Advisories
πŸ•Ά Shadow Exploits
πŸ•΅πŸΌ Vulners CPE
πŸ” Security news
πŸ’» Exploit updates
πŸ“‘ Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
πŸ€– AI High Score
πŸ“° CVE Feed
show all

6 matches found

NVD
NVDβ€’added 2025/12/16 7:16 p.m.β€’3 views

CVE-2025-68154

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...

8.1CVSS0.00048EPSS
Exploits1References2
Cvelist
Cvelistβ€’added 2025/12/16 6:18 p.m.β€’27 views

CVE-2025-68154 Command Injection in fsSize() on Windows

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...

8.1CVSS0.00048EPSS
Exploits1References2
Vulnrichment
Vulnrichmentβ€’added 2025/11/13 1:0 p.m.β€’1 views

CVE-2025-12763 Command injection vulnerability allowing arbitrary command execution on Windows

pgAdmin 4 versions up to 9.9 are affected by a command injection vulnerability on Windows systems. This issue is caused by the use of shell=True during backup and restore operations, enabling attackers to execute arbitrary system commands by providing specially crafted file path input...

6.8CVSS7.7AI score0.00041EPSS
Exploits0References1
Vulnrichment
Vulnrichmentβ€’added 2025/10/28 9:36 p.m.β€’1 views

CVE-2025-62801 FastMCP vulnerable to windows command injection in FastMCP Cursor installer via server_name

FastMCP is the standard framework for building MCP applications. Versions prior to 2.13.0, a command-injection vulnerability lets any attacker who can influence the servername field of an MCP execute arbitrary OS commands on Windows hosts that run fastmcp install cursor. This vulnerability is fix...

5.4CVSS7AI score0.00049EPSS
Exploits1References1
OpenVAS
OpenVASβ€’added 2024/09/10 12:0 a.m.β€’9 views

Fedora: Security Advisory (FEDORA-2024-6bc17db348)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS8.4AI score0.80539EPSS
Exploits10References4
myhack58
myhack58β€’added 2016/01/26 12:0 a.m.β€’25 views

Google Finance was traced to reflected File Download(RFD)vulnerabilities-vulnerability warning-the black bar safety net

! A Portuguese network security expert David Sopas found the impact of Google Finance a reflected File DownloadRFDvulnerabilities. I'm in audits of other clients time to discover this vulnerability, through RFD, you need to establish a page to force the download. This Google JSON file of the...

0.4AI score
Exploits0
Rows per page
Query Builder