CVE-2026-40520
FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...
BIT-AIRFLOW-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf
An example of BashOperator in the Airflow documentation suggested a way of passing dag_run.conf that could cause unsanitized user input to be used to escalate the privileges of a UI user, allowing code execution on a worker. Users should review if any of their own DAGs have adopted this incorrect advi...
From-Shell-to-Root
🔥 Red Team Notes Pentesting This repository contains real-w...
Malicious code in my-package-jiecub3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1ec43b076f10c0f300bdde6c106bc020894f238b7b2b72e3a3c146d189bdb3a4 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
MAL-2026-2962 Malicious code in my-package-jiecub3 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1ec43b076f10c0f300bdde6c106bc020894f238b7b2b72e3a3c146d189bdb3a4 During installation, the package attempts to create a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers...
Microsoft Windows Shell Elevation of Privilege Vulnerability (CNVD-2026-20175)
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft. The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...
Microsoft Windows Shell Security Feature Bypass Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft. The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A security feature bypass...
Oracle MySQL Shell Security Vulnerability
Oracle MySQL Shell is a database command-line management tool developed by Oracle Corporation. Vulnerabilities exist in versions 8.0.0 to 8.0.45, 8.4.0 to 8.4.8, and 9.0.0 to 9.6.0 of Oracle MySQL Shell. These vulnerabilities stem from issues with the Shell: Core Client component, allowing...
PT-2026-34140
Name of the Vulnerable Software and Affected Versions MySQL Shell versions 8.0.0 through 8.0.45 MySQL Shell versions 8.4.0 through 8.4.8 MySQL Shell versions 9.0.0 through 9.6.0 Description An issue in the Shell: Core Client component allows a high-privileged attacker with network access via...
Microsoft Windows Shell Elevation of Privilege Vulnerability (CNVD-2026-20176)
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft. The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...
Fortra GoAnywhere MFT Security Vulnerability
Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...
Microsoft Windows Shell Elevation of Privilege Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft. The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...
Microsoft Windows Shell Spoofing Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft. The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A spoofing vulnerability exists in...
Oracle MySQL Shell Security Vulnerability
Oracle MySQL Shell is a command line tool and advanced client for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an...
PT-2026-34141
Name of the Vulnerable Software and Affected Versions MySQL Shell versions 8.0.0 through 8.0.45 MySQL Shell versions 8.4.0 through 8.4.8 MySQL Shell versions 9.0.0 through 9.6.0 Description An issue in the Shell: Core Client component allows a low privileged attacker with access to the...
Fortra GoAnywhere MFT Security Vulnerability
Fortra GoAnywhere MFT is a file transfer software developed by the American company Fortra. Versions of Fortra GoAnywhere MFT prior to 7.10.0 contained a security vulnerability. This vulnerability stemmed from the SFTP service not enforcing login restrictions when the web user was configured to l...
PT-2026-34139
Name of the Vulnerable Software and Affected Versions MySQL Shell versions 8.0.0 through 8.0.45 MySQL Shell versions 8.4.0 through 8.4.8 MySQL Shell versions 9.0.0 through 9.6.0 Description An issue in the Shell: Core Client component allows a low privileged attacker with access to the...
Oracle MySQL Shell Security Vulnerability
Oracle MySQL Shell is a command line tool for managing and operating MySQL databases. A denial of service vulnerability exists in Oracle MySQL Shell. The vulnerability stems from the Core Client component failing to properly handle certain inputs and can be exploited by an attacker to cause MySQL...
Microsoft Windows Shell Information Disclosure Vulnerability
The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft USA. Easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. On some versions of Windows, featur...
FreePBX api OS Command Injection Vulnerability
FreePBX API is an open-source plugin developed by FreePBX. Versions of the FreePBX API module prior to 17.0.8 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the GraphQL mutation input fields in the initiateGqlAPIProcess function being pass...