CVE-2026-34938

The connected GHSA advisory describes a sandbox-escape in PraisonAI’s Python tools: execute_code() in praisonai-agents allows attacker-controlled Python to bypass a three-layer sandbox by subclassing str to override startswith(), bypassing _safe_getattr and enabling arbitrary OS command execution...

MAL-2026-2481 Malicious code in strapi-plugin-notify (npm)

strapi-plugin-notify is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network topology...

MAL-2026-2449 Malicious code in mgc (npm)

Package fetches platform-specific stage-2 payloads from a GitHub Gist. The stage-2 payloads are full Remote Access Trojans RATs for Linux Python and Windows PowerShell that beacon to a C2 server, exfiltrate system information, enumerate directories, execute arbitrary commands, and support binary...

Electron: Service worker can spoof executeJavaScript IPC replies

Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...

Insufficient Verification of Data Authenticity

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker can manipulate t...

EUVD-2026-18955

Electron: Service worker can spoof executeJavaScript IPC replies...

PT-2026-30008

Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...

PraisonAI 安全漏洞

PraisonAI is a low-code multi-intelligent body collaboration framework. PraisonAI suffers from a security vulnerability that stems from the fact that the three-layer sandboxing of the executecode function can be completely bypassed, which can be exploited by an attacker to cause the execution of...

CVE-2026-34528

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...

HTTPS Fetch, Windows Upload/Execute, Find Tag Ordinal Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Use an established connection Module Options msf use payload/cmd/windows/https/x86/upexec/findtag msf payloadfindtag show actions ...actions... msf payloadfindtag set ACTION msf payloadfindtag show...

HTTPS Fetch, Windows Upload/Execute, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/https/x86/upexec/bindhiddentcp msf payloadbindhiddentcp show action...

HTTPS Fetch, Windows Command Shell, Reverse TCP Stager (IPv6)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker over IPv6 Module Options msf use payload/cmd/windows/https/x86/shell/reverseipv6tcp msf payloadreverseipv6tcp show actions ...actions... msf payloadreverseipv6tcp set ACTION msf...

HTTPS Fetch, Windows Command Shell, Bind IPv6 TCP Stager (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Listen for an IPv6 connection Windows x86 Module Options msf use payload/cmd/windows/https/x86/shell/bindipv6tcp msf payloadbindipv6tcp show actions ...actions... msf payloadbindipv6tcp set ACTION msf...

HTTPS Fetch, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/peinject/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

HTTPS Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/peinject/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options ...show and...

HTTPS Fetch, Windows Upload/Execute, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Connect back to the attacker Module Options msf use payload/cmd/windows/https/x86/upexec/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf...

HTTPS Fetch, Windows Upload/Execute, Bind TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for a connection No NX Module Options msf use payload/cmd/windows/https/x86/upexec/bindnonxtcp msf payloadbindnonxtcp show actions ...actions... msf payloadbindnonxtcp set ACTION msf...

HTTPS Fetch, Windows Upload/Execute, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/upexec/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf...

HTTPS Fetch, Windows Disable Windows ICF, Command Shell, Bind TCP Inline

Fetch and execute an x86 payload from an HTTPS server. Disable the Windows ICF, then listen for a connection and spawn a command shell Module Options msf use payload/cmd/windows/https/x86/shellbindtcpxpfw msf payloadshellbindtcpxpfw show actions ...actions... msf payloadshellbindtcpxpfw set ACTIO...

HTTPS Fetch, Windows Upload/Execute, Reverse All-Port TCP Stager

Fetch and execute an x86 payload from an HTTPS server. Uploads an executable and runs it staged. Try to connect back to the attacker, on all possible ports 1-65535, slowly Module Options msf use payload/cmd/windows/https/x86/upexec/reversetcpallports msf payloadreversetcpallports show actions...