
30432 matches found

OSV
added 2026/04/28 8:16 a.m. | 0 views

UBUNTU-CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVSS 7.8 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 3
The Hacker News
added 2026/04/28 5:50 a.m. | 13 views

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to...

CVSS 8.8 | AI score 7.4 | EPSS 0.56822
Exploits: 5
Fedora
added 2026/04/28 1:35 a.m. | 3 views

[SECURITY] Fedora 44 Update: gum-0.17.0-3.fc44

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

CVSS 6.1 | AI score 5.2 | EPSS 0.0005
Exploits: 0
RedhatCVE
added 2026/04/28 1:22 a.m. | 0 views

CVE-2026-7039

A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description leads to command injection. The attack must be carried out locally. The exploit has been disclosed...

CVSS 8.5 | AI score 5.1 | EPSS 0.00096
Exploits: 0 | References: 1
Fedora
added 2026/04/28 1:14 a.m. | 2 views

[SECURITY] Fedora 42 Update: gum-0.16.1-2.fc42

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

CVSS 6.5 | AI score 6.5 | EPSS 0.00044
Exploits: 1
OSV
added 2026/04/28 12:31 a.m. | 1 views

GHSA-5799-3XG7-RFRV Duplicate Advisory: OpenClaw: SSH sandbox tar upload follows symlinks, enabling arbitrary file write on remote host

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-fv94-qvg8-xqpw. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote...

CVSS 8.1 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 4
NVD
added 2026/04/28 12:16 a.m. | 0 views

CVE-2026-41364

OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archives containing symlinks to escape the sandbox and overwrite files on the remote host...

CVSS 8.1 | EPSS 0.00191
Exploits: 0 | References: 3
CVE
added 2026/04/28 12:0 a.m. | 10 views

CVE-2026-41526

In KDE KCoreAddons prior to 6.25, the KShell::quoteArgs function intended to safely quote arguments for shell commands does not correctly handle metacharacters, enabling possible shell escapes. The issue affects applications using this path to process user input in security-critical contexts, not...

CVSS 7.8 | AI score 5.4 | EPSS 0.00034
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/04/28 12:0 a.m. | 1 views

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVSS 6.5 | AI score 5.4 | EPSS 0.00034
Exploits: 0 | References: 6
EUVD
added 2026/04/28 12:0 a.m. | 1 views

EUVD-2026-26004

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVSS 6.5 | AI score 5.4 | EPSS 0.00034
Exploits: 0 | References: 5
Tenable Nessus
added 2026/04/28 12:0 a.m. | 2 views

Juniper Junos OS Vulnerability (JSA75724)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA75724 advisory. - A Missing Release of Resource after Effective Lifetime vulnerability in the xinetd process, responsible for spawning SSH daemon sshd instances, of Juniper Networks Junos OS...

CVSS 8.7 | AI score 5.5 | EPSS 0.00505
Exploits: 0 | References: 2
Vulnrichment
added 2026/04/28 12:0 a.m. | 1 views

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVSS 6.5 | AI score 5.3 | EPSS 0.00034
Exploits: 0 | References: 5
Debian CVE
added 2026/04/28 12:0 a.m. | 4 views

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVSS 7.8 | AI score 5.4 | EPSS 0.00034
Exploits: 0
Spring Engineering
added 2026/04/28 12:0 a.m. | 2 views

This Week in Spring - April 28th, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! As I write this, I'm on PTO in beautiful Santorini, Greece, catching up on some news and about to cruise the islands for some sightseeing. There's nothing quite like springtime in the Mediterranean! I couldn't dream of enjoyin...

AI score 5.4
Exploits: 0
Cvelist
added 2026/04/28 12:0 a.m. | 23 views

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVSS 6.5 | EPSS 0.00034
Exploits: 0 | References: 5
CNNVD
added 2026/04/28 12:0 a.m. | 5 views

OpenClaw Security Vulnerability

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from a privilege escalation vulnerability that allowed attackers to bypass the execution allowlist, enabling...

CVSS 7.3 | AI score 5.9 | EPSS 0.00024
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 4 views

PT-2026-35776

Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.31. Description: An exec allowlist bypass allows attackers to inherit allowlist trust through shell init-file wrapper invocations. By utilizing shell options such as --rcfile, --init-file, and --startup-file,...

CVSS 7.3 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 6
Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35678

Name of the Vulnerable Software and Affected Versions: KDE KCoreAddons versions prior to 6.25. Description: The KShell::quoteArgs function is designed to safely quote arguments for shell commands. However, it fails to adequately handle metacharacters, which can lead to a shell escape. Applications...

CVSS 7.8 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 10
AlpineLinux
added 2026/04/28 12:0 a.m. | 3 views

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

CVSS 7.8 | AI score 5.8 | EPSS 0.00034
Exploits: 0 | References: 5
CISA KEV Catalog
added 2026/04/28 12:0 a.m. | 4 views

Microsoft Windows Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network...

CVSS 4.3 | AI score 5.5 | EPSS 0.56822
In wild | Exploits: 3