13 matches found

Packet Storm
added 2026/06/01 12:0 a.m. · 57 views

Espanso 2.3.0 Configuration Injection

This Python script is a configuration manipulation tool for Espanso version 2.3.0 that modifies its YAML configuration file base.yml to add new text triggers capable of executing system commands via shell or script extensions...

5.7 AI score
Exploits: 0

Packet Storm
added 2026/05/13 12:0 a.m. · 49 views

Espanso 2.3.0 Shell and Script Extension Arbitrary Command Execution

The Shell and Script extensions in Espanso version 2.3.0 allow arbitrary command execution. No restart required. Config changes take effect immediately. Exploit Title: Espanso v2.3.0 - Shell & Script Extension Arbitrary Command Execution RCE Date: 2026-05-13 Exploit Author: Chokri Hammedi Softwar...

6 AI score
Exploits: 0

EUVD
added 2026/04/02 6:23 p.m. · 3 views

EUVD-2026-18499

The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload endpoint validates uploaded files by checking their MIME type via PHP's finfo, which inspects file contents but constructs the stored filename using the...

8.7 CVSS · 6 AI score · 0.00306 EPSS
Exploits: 0 · References: 1

Microsoft Malware Protection
added 2021/03/09 5:0 p.m. · 24 views

Azure LoLBins: Protecting against the dual use of virtual machine extensions

Azure Defender for Resource Manager offers unique protection by automatically monitoring the resource management operations in your organization, whether they're performed through the Azure portal, Azure REST APIs, Azure CLI, or other Azure programmatic clients. In this blog, we will look into the...

8 AI score
Exploits: 0

OSV
added 2021/02/25 11:15 p.m. · 2 views

CVE-2021-26700

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability...

7.8 CVSS · 7.2 AI score · 0.05954 EPSS
Exploits: 2 · References: 1

NVD
added 2021/02/25 11:15 p.m. · 12 views

CVE-2021-26700

Visual Studio Code npm-script Extension Remote Code Execution Vulnerability...

7.8 CVSS · 0.05954 EPSS
Exploits: 2 · References: 1

Positive Technologies
added 2021/02/15 12:0 a.m. · 4 views

PT-2021-17098 · Microsoft · Visual Studio Code Npm-Script Extension

Name of the Vulnerable Software and Affected Versions: Visual Studio Code npm-script Extension affected versions not specified Description: The issue concerns a remote code execution vulnerability in the Visual Studio Code npm-script Extension. There is no information provided about the estimated...

7.8 CVSS · 7.8 AI score · 0.05954 EPSS
Exploits: 2 · References: 10

CNNVD
added 2021/02/09 12:0 a.m. · 5 views

Microsoft Visual Studio Code npm-script plugin security vulnerability

Microsoft Visual Studio Code is an open source code editor from Microsoft. A security vulnerability exists in the npm-script plugin for Microsoft Visual Studio Code. The following products and versions are affected: Visual Studio Code - npm-script Extension...

7.8 CVSS · 7.2 AI score · 0.05954 EPSS
Exploits: 2 · References: 3

Kaspersky
added 2021/02/09 12:0 a.m. · 80 views

KLA12073 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in .NET Core can be...

9.8 CVSS · 9.9 AI score · 0.30315 EPSS
Exploits: 2 · References: 27

OSV
added 2020/03/18 3:15 p.m. · 2 views

CVE-2020-9326

BeyondTrust Privilege Management for Windows and Mac (aka PMWM; formerly Avecto Defendpoint) 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash...

7.5 CVSS · 7.1 AI score · 0.01044 EPSS
Exploits: 0 · References: 1

OSV
added 2017/05/25 5:29 p.m. · 3 views

DEBIAN-CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

9.6 CVSS · 6.7 AI score · 0.0257 EPSS
Exploits: 1 · References: 1

OSV
added 2017/05/25 5:29 p.m. · 8 views

CVE-2015-5211

Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to 4.1.7, 3.2.0 to 3.2.14 and older unsupported versions is vulnerable to a Reflected File Download (RFD) attack. The attack involves a malicious user crafting a URL with a batch script extension that results in the response being...

9.6 CVSS · 9.2 AI score · 0.0257 EPSS
Exploits: 1 · References: 5

ThreatPost
added 2013/11/06 2:36 p.m. · 9 views

Twitter Fixes Bug that Enabled Takeover of Any Account

Security researcher Henry Hoggard recently discovered a cross-site request forgery (CSRF) vulnerability in Twitter’s “add a mobile device” feature, giving him the ability to read direct messages and tweet from any account. Hoggard, a security researcher at MWRInfosecurity, told Threatpost via email...

7.9 AI score
Exploits: 0 · References: 2