Lucene search
K

78 matches found

Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55404 yt-dlp: Downstream command injection via improper sanitization of yt-dlp --write-link output

yt-dlp and youtube-dl are command-line audio/video downloaders. Prior to 2026.7.4, the --write-link, --write-url-link, and --write-desktop-link options can write .url or .desktop shortcut files using attacker-controlled webpageurl or filename metadata without sufficient validation or escaping,...

7.5CVSS0.00554EPSS
Exploits0References3
CVE
CVE
added 5 days ago9 views

CVE-2026-55404

YT-dlp and YouTube-dl before 2026.7.4 expose a vulnerability through --write-link, --write-url-link, and --write-desktop-link that can write .url/.desktop shortcuts using attacker-controlled metadata, enabling file:// URI or desktop entry key injection and potential command execution when opened....

7.5CVSS6AI score0.00554EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2026/05/29 12:0 a.m.67 views

Microsoft - NTLMv2 Hash Capture

Titles: Microsoft - NTLMv2 Hash Capture Author: nu11secur1ty Date: 2026-05-27 Vendor: Microsoft Software: Windows Shell File Explorer Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-32202 Description: A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv...

4.3CVSS6AI score0.64095EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/05/27 12:0 a.m.74 views

📄 Windows Shell LNK Spoofing / NTLMv2 Hash Capture

A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv2 hashes without user interaction. By crafting a malicious .lnk shortcut file with a UNC path pointing to an attacker-controlled SMB server, the target's Windows system automatically sends an NTLMv2...

9.1CVSS7.5AI score0.64095EPSS
Exploits3
Information Security Automation
Information Security Automation
added 2026/03/09 10:59 p.m.49 views

About Remote Code Execution – Windows Shell (CVE-2026-21510) vulnerability

About Remote Code Execution - Windows Shell CVE-2026-21510 vulnerability. A vulnerability from the February Microsoft Patch Tuesday. The Windows Shell is the primary interface through which users interact with the Windows operating system. It includes visible elements such as the Desktop, Taskbar...

8.8CVSS6.6AI score0.25835EPSS
Exploits3
Packet Storm
Packet Storm
added 2026/02/13 12:0 a.m.153 views

📄 Peyara Remote Mouse 1.0.1 Shell Upload / Code Execution

The Peyara Remote Mouse desktop control software exposes an unauthenticated file upload endpoint, along with an unauthenticated WebSocket control channel. An attacker can upload arbitrary files including .LNK shortcuts to the victim environment and trigger command execution via simulated...

6.1AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/11 11:2 p.m.226 views

Exploit for Protection Mechanism Failure in Microsoft

CVE-2026-21510 - Windows Shell Security Feature Bypass Vulnera...

8.8CVSS6.7AI score0.25835EPSS
Exploits3
GithubExploit
GithubExploit
added 2025/12/18 9:0 a.m.180 views

Exploit for External Control of File Name or Path in Microsoft

CVE-2025-33053 - WebDAV Remote Code Execution RCE PoC & C2 S...

8.8CVSS8.4AI score0.81558EPSS
Exploits10
The Hacker News
The Hacker News
added 2025/10/13 5:12 a.m.6 views

New Rust-Based Malware "ChaosBot" Uses Discord Channels to Control Victims' PCs

Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. "Threat actors leveraged compromised credentials that mapped to both Cisco VPN and an over-privileg...

7.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-0520

Malware in sbrugna...

10CVSS6.3AI score0.03781EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.19 views

EUVD-2025-28860

Malicious code in bioql PyPI...

7.8CVSS6.9AI score0.63102EPSS
Exploits3References1
Metasploit
Metasploit
added 2025/10/01 6:56 p.m.639 views

SpecialFolderDatablock - Windows LNK File Special UNC Path NTLM Leak

This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in SpecialFolderDatablock of Shell Link .LNK that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browse to the location...

5.9AI score
Exploits0
CVE
CVE
added 2025/08/26 4:25 p.m.205 views

CVE-2025-9491

CVE-2025-9491 is a Microsoft Windows LNK file UI misrepresentation vulnerability. The flaw lies in how Windows handles .LNK/shortcuts, where crafted whitespace padding can hide malicious command-line arguments from the target user’s view, enabling arbitrary code execution in the context of the cu...

7.8CVSS7.2AI score0.63102EPSS
In wildExploits3References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2018-12098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The liblnkdatablockread function in liblnkdatablock.c in liblnk through 2018-04-19 allows remote attackers to cause an information disclosure heap-based buffer...

5.5CVSS5.8AI score0.00596EPSS
Exploits0References2
Exploit DB
Exploit DB
added 2025/08/18 12:0 a.m.287 views

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...

6.5CVSS7.4AI score0.58974EPSS
Exploits21
Packet Storm
Packet Storm
added 2025/06/25 12:0 a.m.178 views

📄 Microsoft Internet Shortcut Malicious URL

This Metasploit module exploits CVE-2025-33053 by generating a malicious .URL file pointing to a trusted LOLBAS binary with parameters designed to trigger unintended behavior. Optionally, a payload is generated and hosted on a specified WebDAV directory. When the victim opens the shortcut, it wil...

8.8CVSS8.2AI score0.81558EPSS
Exploits10
Vulnrichment
Vulnrichment
added 2025/06/10 5:2 p.m.3 views

CVE-2025-47160 Windows Shortcut Files Security Feature Bypass Vulnerability

...

5.4CVSS7.2AI score0.00716EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 a.m.9 views

CVE-2019-19731

Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder...

7.5CVSS7.7AI score0.11617EPSS
Exploits5References1
OSV
OSV
added 2025/04/01 1:15 p.m.8 views

UBUNTU-CVE-2025-3033

After selecting a malicious Windows .url shortcut from the local filesystem, an unexpected file could be uploaded. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox 137 and Thunderbird 137...

7.7CVSS5.8AI score0.0017EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2025/03/19 12:0 a.m.6 views

The vulnerability of the .LNK-file processing mechanism in Windows operating systems allows a hacker to secretly execute arbitrary operating system commands.

The vulnerability of the .LNK file processing mechanism in Windows operating systems is related to information representation errors in the user interface. Exploiting this vulnerability allows an attacker to secretly execute arbitrary commands on the operating system by sending a specially crafte...

7CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder