CVE-2022-1341

An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c.

CVE-2023-26129

All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the...