📄 Remote Sunrise Helper for Windows 2026.14 UAC Bypass

Remote Sunrise Helper for Windows version 2026.14 suffers from a local UAC bypass vulnerability via the Icon Import dialog. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - UAC Bypass via Icon Import Dialog Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

CVE-2026-22168

OpenClaw versions prior to 2026.2.21 contain an approval-integrity mismatch vulnerability in system.run that allows authenticated operators to execute arbitrary trailing arguments after cmd.exe /c while approval text reflects only a benign command. Attackers can smuggle malicious arguments throug...

CVE-2026-28391

OpenClaw vulnerability CVE-2026-28391 affects OpenClaw versions prior to 2026.2.2. The issue stems from improper validation of Windows cmd.exe metacharacters in allowlist-gated exec requests, allowing remote attackers to bypass command approval and craft command strings with shell metacharacters ...

OpenClaw has Windows system.run approval mismatch on cmd.exe /c trailing arguments

Summary A Windows system.run approval-integrity mismatch in the cmd.exe /c path could allow trailing arguments to execute while approval/audit text reflected only a benign command string. This requires an authenticated operator context using the approvals flow and a trusted Windows node. Affected...

OpenClaw's Windows cmd.exe parsing may bypass exec allowlist/approval gating

Summary On Windows nodes, exec requests were executed via cmd.exe /d /s /c . In allowlist/approval-gated mode, the allowlist analysis did not model Windows cmd.exe parsing and metacharacter behavior. A crafted command string could cause cmd.exe to interpret additional operations for example comma...

CVE-2024-39613

Mattermost Desktop App versions =5.8.0 fail to specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine...

EUVD-2020-19424

Malware in sbrugna...

EUVD-2007-3685

Malware in sbrugna...

EUVD-2018-19037

Malware in sbrugna...

EUVD-2003-1397

Malware in sbrugna...

EUVD-2024-2889

Malicious code in bioql PyPI...

EUVD-2024-0997

Malicious code in bioql PyPI...

CVE-2020-26894

LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell" function, it will attempt to search for "cmd.exe" in the folder of the current...

CVE-2019-17664

NSA Ghidra through 9.0.4 uses a potentially untrusted search path. When executing Ghidra from a given path, the Java process working directory is set to this path. Then, when launching the Python interpreter via the "Ghidra Codebrowser Window Python" option, Ghidra will try to execute the cmd.exe...

Environment Variable Exposure

Shescape is vulnerable to Environment Variable Exposure. The vulnerability is due to improper escaping of % characters in user input when using shell: 'cmd.exe' or shell: true, which allows an attacker to read environment variables through unintended variable substitution...

CVE-2024-51736

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

CVE-2024-51736

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...

CVE-2024-51736 Command execution hijack on Windows with Process class in symfony/process

Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. On Windows, when an executable file named cmd.exe is located in the current working directory it will be called by the Process class when preparing command arguments, leading to possible hijackin...