30749 matches found
CVE-2026-25185
Technical details (affected products, components, root cause, impact, and remediation) are not provided in the supplied documents. Monitor for updates.
CVE-2026-22628
An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file...
CVE-2026-22628
CVE-2026-22628 describes an improper access control flaw in Fortinet FortiSwitch AXFixed, affecting versions 1.0.0 through 1.0.1. An authenticated admin can execute system commands by supplying a specially crafted SSH config file, enabling local command execution with low impact vector (local, lo...
CVE-2026-25573
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise...
Windows Shell Link Processing Spoofing Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network...
pentesting-notes
🔐 Pentesting Notes Personal penetration testing documentati...
pentesting-writeups
🔐 Pentesting Writeups Personal penetration testing document...
Exploit for Code Injection in Anthropic Claude_Code
Claude Code: MCP Tool Confirmation Prompt Misrepresentation !...
PT-2026-24223
A vulnerability has been identified in SICAM SIAPP SDK All versions V2.1.7. The affected application builds shell commands with caller-provided strings and executes them. An attacker could influence the executed command, potentially resulting in command injection and full system compromise...
This Week in Spring - March 10th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring. As I write this, I am preparing for a trip to Rust, Germany, for one of the best Java conferences in Europe: JavaLand, along with its new companion event, DevLand. It should be fun. Will you be around? If so, say hi. We have ...
Fortinet FortiSwitchAXFixed Access Control Error Vulnerability
The Fortinet FortiSwitchAXFixed is a network switch device developed by the American company Fortinet. There was an access control vulnerability in the Fortinet FortiSwitchAXFixed version 1.0.0 to 1.0.1. This vulnerability stemmed from improper access control, allowing authenticated administrator...
PT-2026-24309
Name of the Vulnerable Software and Affected Versions: Windows affected versions prior to March 2026 updates. Description: An issue in Windows Shell Link Processing, specifically within the IShellLink interface, involves the exposure of sensitive information due to insufficient protection of service...
📄 ASUS Router Multi-Stage Command Injection
A multi‑stage command injection vulnerability allows an attacker to achieve remote command execution on a vulnerable ASUS router by abusing the SETROOTCERTIFICATE and APPLYAPP HTTP methods. In the first stage, a malicious shell script is uploaded to the target system disguised as a certificate fi...
Microsoft Windows Shell Information Disclosure Vulnerability
Microsoft Windows Shell is the graphical user interface of the Windows operating system developed by Microsoft. Key features of the Windows Shell include the desktop, taskbar, start menu, task switcher, and auto-play functions. In some versions of Windows, features like Flip 3D and Charm are also...
About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability
About Remote Code Execution - Windows Shell CVE-2026-21510 vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar...
CVE-2026-30916
CVE-2026-30916 relates to the Shescape JavaScript library. Prior to version 2.1.9, an attacker could bypass shell escaping when the configured shell pointed to a file that is a chain of symlinks, potentially exposing sensitive information depending on the shell used. A fix is available in 2.1.9. ...
CVE-2026-30916 Shescape has possible misidentification of shell due to link chains
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...
CVE-2026-30916
REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: Further investigation determined that the software behavior described did not fall within the project's threat model. See https://github.com/github/advisory-database/pull/7206 for more information...
EUVD-2026-10424
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...
EUVD-2026-10425
Shescape is a simple shell escape library for JavaScript. Prior to 2.1.9, an attacker may be able to bypass escaping for the shell being used. This can result, for example, in exposure of sensitive information. This impacts users of Shescape that configure their shell to point to a file on disk...