2582 matches found

EUVD
added 2026/01/29 9:47 p.m. | 2 views

EUVD-2026-4943

gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...

CVSS 8.3 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 2
ATTACKERKB
added 2026/01/29 9:47 p.m. | 3 views

CVE-2026-25063

gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...

CVSS 8.3 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/01/29 12:00 a.m. | 4 views

PT-2026-5364

Name of the Vulnerable Software and Affected Versions: gradle-completion versions prior to 9.3.1. Description: gradle-completion offers Bash and Zsh completion support for Gradle. A command injection issue exists in versions up to and including 9.3.0, potentially leading to arbitrary code execution...

CVSS 8.3 | AI score 6.2 | EPSS 0.00033
Exploits: 0 | References: 16
OSV
added 2026/01/28 9:28 p.m. | 3 views

GHSA-R39X-JCWW-82V6 Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

Summary: The Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can...

CVSS 6.3 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 7
Github Security Blog
added 2026/01/28 9:28 p.m. | 5 views

Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

Summary: The Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP is executed from an MSYS2-based environment (e.g. Git Bash) and Symfony Process spawns native Windows executables, MSYS2’s argument/path conversion can...

CVSS 6.3 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 7 | Affected Software: 2
NVD
added 2026/01/28 9:16 p.m. | 2 views

CVE-2026-24739

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP i...

CVSS 6.3 | EPSS 0.00012
Exploits: 1 | References: 5
Vulnrichment
added 2026/01/28 8:25 p.m. | 2 views

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP i...

CVSS 6.3 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 5
Debian CVE
added 2026/01/28 8:25 p.m. | 3 views

CVE-2026-24739

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP i...

CVSS 6.3 | AI score 5.4 | EPSS 0.00012
Exploits: 1
OSV
added 2026/01/28 8:25 p.m. | 3 views

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP i...

CVSS 6.3 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 7
Cvelist
added 2026/01/28 8:25 p.m. | 17 views

CVE-2026-24739 Symfony has incorrect argument escaping under MSYS2/Git Bash on Windows that can lead to destructive file operations

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP i...

CVSS 6.3 | EPSS 0.00012
Exploits: 1 | References: 5
ATTACKERKB
added 2026/01/28 8:25 p.m. | 4 views

CVE-2026-24739

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters (notably =) as “special” when escaping arguments on Windows. When PHP i...

CVSS 6.3 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 6 | Affected Software: 1
CVE
added 2026/01/28 8:25 p.m. | 24 views

CVE-2026-24739

Summary: CVE-2026-24739 affects the Symfony Process component in Symfony PHP framework. Prior to fixes, unquoted arguments containing characters like “=” could be mis-handled when PHP runs under MSYS2-based environments (e.g., Git Bash) and Symfony spawns native Windows executables. This could co...

CVSS 6.3 | AI score 5.8 | EPSS 0.00012
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/01/28 12:00 a.m. | 4 views

PT-2026-5124

Name of the Vulnerable Software and Affected Versions: Symfony versions prior to 5.4.51; Symfony versions prior to 6.4.33; Symfony versions prior to 7.3.11; Symfony versions prior to 7.4.5; Symfony versions prior to 8.0.5. Description: The Symfony Process component did not properly handle certain...

CVSS 6.3 | AI score 5.9 | EPSS 0.00012
Exploits: 1 | References: 14
Broadcom
added 2026/01/27 12:00 a.m. | 14 views

Information disclosure in Brocade Fabric OS before 9.2.1c2, 9.2.2 through 9.2.2a and 10.0.0 (CVE-2026-0383)

A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...

CVSS 8.2 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | Affected Software: 1
GithubExploit
added 2026/01/25 2:51 p.m. | 139 views

POC-Generator-Burp_Suite_Extension

🎯 POC Generator - Burp Suite Extension From vulnerability...

AI score 6.1
Exploits: 0
CVE
added 2026/01/23 4:47 p.m. | 11 views

CVE-2021-47903

LiteSpeed Web Server Enterprise version 5.4.11 has an authenticated command injection vulnerability in the external app configuration interface. A user with administrative privileges can inject shell commands via the Command parameter, enabling remote code execution through path traversal and bas...

CVSS 8.8 | AI score 6.4 | EPSS 0.00348
Exploits: 0 | References: 4
Cvelist
added 2026/01/23 4:47 p.m. | 29 views

CVE-2021-47903 LiteSpeed Web Server Enterprise 5.4.11 - Command Injection

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

CVSS 8.8 | EPSS 0.00348
Exploits: 0 | References: 4
ATTACKERKB
added 2026/01/23 4:47 p.m. | 2 views

CVE-2021-47903

LiteSpeed Web Server Enterprise 5.4.11 contains an authenticated command injection vulnerability in the external app configuration interface. Authenticated administrators can inject shell commands through the 'Command' parameter in the server configuration, allowing remote code execution via path...

CVSS 8.8 | AI score 6.5 | EPSS 0.00348
Exploits: 0 | References: 4 | Affected Software: 1
Schneier on Security
added 2026/01/23 12:01 p.m. | 4 views

AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

Really interesting blog post from Anthropic: In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. Th...

AI score 5.7
Exploits: 0
VulnCheck KEV
added 2026/01/23 12:00 a.m. | 1 views

VulnCheck KEV: CVE-2020-11963

IQrouter through 3.3.1, when unconfigured, has multiple remote code execution vulnerabilities in the web-panel because of Bash Shell Metacharacter Injection. Note: The vendor claims that this vulnerability can only occur on a brand-new network that, after initiating the forced initial configurati...

CVSS 9.8 | AI score 6.5 | EPSS 0.00719
In wild | Exploits: 3 | References: 5