CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

PT-2026-44117

Name of the Vulnerable Software and Affected Versions Microsoft UFO versions prior to 3.0.1 Description An OS command injection issue exists in the shell action replay path. The functions ShellReceiver.run shell and ShellReceiver.execute command pass command strings from action parameters directl...

CVE-2026-36044

CVE-2026-36044 affects @pensar/apex

UFO³ 操作系统命令注入漏洞

UFO³ is an open-source cross-device collaboration multi-agent task orchestration tool developed by Microsoft. Versions of UFO³ prior to v3.0.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the use of ShellReceiver.runshell, which directly...

pam_usb 参数注入漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contained a parameter injection vulnerability. This vulnerability stems from the use of specially crafted UUIDs in configurations e.g., $id/tmp/rce,...

PT-2026-43657

Unrestricted Upload of File with Dangerous Type vulnerability in WPify WPify Woo Czech wpify-woo allows Upload a Web Shell to a Web Server.This issue affects WPify Woo Czech: from n/a through = 5.4.1...

pam_usb 安全漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 contain security vulnerabilities. These vulnerabilities stem from the code in src/tmux.c, which reads the user’s $TMUX environment variable and insert...

CVE-2026-36044

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smartenumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js...

PT-2026-44113

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description In the src/tmux.c file, the software reads the $TMUX environment variable, splits it by commas, and interpolates the socket-path component directly into a shell command executed via the popen functio...

📄 Windows Shell LNK Spoofing / NTLMv2 Hash Capture

A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv2 hashes without user interaction. By crafting a malicious .lnk shortcut file with a UNC path pointing to an attacker-controlled SMB server, the target's Windows system automatically sends an NTLMv2...

PT-2026-43704

IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can execute root‑level commands, obtain a root shell, and change the root user’s password. Successf...

PT-2026-43702

@pensar/apex = 0.0.58 is vulnerable to OS command injection via the smart enumerate tool. The createSmartEnumerateTool function in src/core/agent/tools.ts constructs a shell command by concatenating unsanitized values from the extensions array and url parameter into a string passed to Node.js chi...

CVE-2026-44985

Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: funcr http.Request bool return true , accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: Lax, this enables...

[SECURITY] [DSA 6300-1] node-shell-quote security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6300-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff May 26, 2026 https://www.debian.org/security/faq -...

MAL-2026-4828 Malicious code in hmacsync (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d361ffcded0fc3d88b5095d800b13b3f8a07a581e8003c30bfcf9887eb71243f The package is a new version of the previously removed libhmac. The key parts, a malicious payload to inject into hijacked browser extensions, is not included ...

CVE-2026-44449 Lumiverse: SMB `exists()` basename injection via smbclient `!cmd` escape

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPathfullPath call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation...

IMVU-Exploits

IMVU Exploits IMVU Classic Client v3.6.15 - Complete exploita...

USN-8309-1: libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

USN-8309-1 libssh2 vulnerability

It was discovered that libssh2 incorrectly handled username and password length values during SSH password authentication. A remote attacker could possibly use this issue to cause a denial of service...

UBUNTU-CVE-2026-48695

FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...