CVE-2026-28732 Slash command trigger-word update allowed command hijacking

Mattermost versions 11.5.x = 11.5.1, 10.11.x = 10.11.13, 11.4.x = 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with Manage Own Slash Commands permission to hijack and impersonate existing system or custom slash...

Hidden Functionality

Overview Affected versions of this package are vulnerable to Hidden Functionality via a hidden FTP command trigger in the process. An attacker can execute arbitrary shell commands with root privileges by sending a specially crafted FTP command. Remediation Upgrade proftpd/proftpd to version 1.3.3...

WebAssembly Jobs and CronJobs in Kubernetes with SpinKube & the Spin Command Trigger

Learn how to run WebAssembly workloads as Kubernetes Jobs and CronJobs using SpinKube and the Spin command trigger...

CVE-2019-15029

FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the serviceedit.php file which will insert the malicious command into the database. To trigger the command, one needs to call the services.php file via a GET request with the service id...