CVE-2026-32202

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability

...

CVE-2026-27918

CVE-2026-27918 describes a race condition in the Windows Shell where concurrent execution over a shared resource allows an authorized local attacker to elevate privileges. The Red Hat and NC SC advisories reiterate the same description, confirming Windows Shell as the affected component and local...

CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability

...

CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability

...

CVE-2026-26166

CVE-2026-26166 is a Windows Shell vulnerability described as a double free in the Shell that allows an authorized attacker to locally elevate privileges. Public materials consistently label it as a Windows Shell elevation of privilege issue, with impact limited to local privileges. The Red Hat/NC...

CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability

...

CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability

...

CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability

...

CVE-2026-26165

CVE-2026-26165 is a Windows Shell elevation-of-privilege vulnerability. The record shows local access required (attack vector: LOCAL), with low privileges required and no user interaction, and maintains the same security scope. The impact is high on confidentiality, integrity, and availability, w...

Windows Shell Elevation of Privilege Vulnerability

Use after free in Windows Shell allows an authorized attacker to elevate privileges locally...

Windows Shell Spoofing Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network...

Windows Shell Elevation of Privilege Vulnerability

Double free in Windows Shell allows an authorized attacker to elevate privileges locally...

Windows Shell Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Shell allows an authorized attacker to elevate privileges locally...

Windows Shell Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network...

Windows Shell Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...

JLSEC-2026-116 Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process

Summary A command injection vulnerability exists in Deno's node:childprocess implementation. Reproduction javascript import spawnSync from "node:childprocess"; import as fs from "node:fs"; // Cleanup try fs.unlinkSync'/tmp/rceproof'; catch // Create legitimate script...

MAL-2026-2883 Malicious code in ts-lint-builds (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b5b6d9da5acae076b81860b7c119f9b61dd48b9b5360e56b582fdae563f96d8 The package ts-lint-builds was found to contain malicious...

Malicious code in cjs-biginteger (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ad18a38aa59b5edbd05dbdf229f4d013446f970fe18b41e54ffc1c24a926d2bd The package cjs-biginteger was found to contain malicious...

Malicious code in bjs-lint-builders (npm)

big.js typosquat campaign - SSH backdoor implantation, credential and crypto wallet theft --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93ff31ee3bf86e4aecefc3ed40ae1647028f7fd482df4c617731ebfd75cad027 The package bjs-lint-builders was found to contain maliciou...