Critical Alert 3 Active Exploits Detected Today

CVE-2026-11645 Google Chromium V8 Out-of-Bounds Read and Write Vulnerability →
CVE-2026-7473 Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability →
CVE-2026-20245 Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability →
Powered by CVE Watchtower
×

Critical Alert

CVE-2026-50751 - Critical Check Point VPN Exploit Discovered Active in the Wild. View Threat Details →
Powered by CVE WATCHTOWER
×
June 10, 2026

CVE Watchtower


← Back to CVE List

CVE-2025-68154NVD

Vulnerability Summary

systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this function. The actual exploitability depends on how applications use this function. If an application does not pass user-controlled input to `fsSize()`, it is not vulnerable. Version 5.27.14 contains a patch.
Severity Level
HIGH(8.1)
Published Date
Dec 16, 2025
Last Modified
Feb 19, 2026
Exploitation Status
????
EPSS Score (30-Day)
0.06%Probability
Root Weakness (CWE)
CWE-78: OS Command Injection β†—
The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.
CVSS v3.1 Base Metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

External References