CVE-2026-40520 FreePBX api module Command Injection via GraphQL

FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess function where GraphQL mutation input fields are passed directly to shellexec without sanitization or escaping. An authenticated user with a valid bearer token can send a GraphQL...

GHSA-M8V7-469P-5X89 Hard-coded System User Credentials in Folio Data Export Spring module

Impact The module creates a system user that is used to perform internal module-to-module operations. Credentials for this user are hard-coded in the source code. This makes it trivial to authenticate as this user, allowing unauthorized read access to these mod-inventory-storage records: instance...

Blackbone - Windows Memory Hacking Library

Blackbone, Windows Memory Hacking Library Features x86 and x64 support Process interaction Manage PEB32/PEB64 Manage process through WOW64 barrier Process Memory Allocate and free virtual memory Change memory protection Read/Write virtual memory Process modules Enumerate all 32/64 bit modules...