PT-2026-7396

Name of the Vulnerable Software and Affected Versions Windows Shell affected versions not specified Description A protection mechanism failure in the Windows Shell allows an unauthorized remote attacker to bypass security features, specifically the Windows SmartScreen mechanism and Windows Shell...

KLA90878 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface, obtain sensitive information, cause denial of service. Below is a...

Microsoft Windows Shell Protection Mechanism Failure Vulnerability

Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network...

EUVD-2026-4873

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to versions 5.4.51, 6.4.33, 7.3.11, 7.4.5, and 8.0.5, the Symfony Process component did not correctly treat some characters notably = as “special” when escaping arguments on Windows. When PHP i...

CVE-2026-20834

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack...

CVE-2026-20847

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...

CVE-2026-20847

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...

CVE-2026-20847

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...

CVE-2026-20834

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack...

CVE-2026-20834

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack...

CVE-2026-20847

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...

Microsoft Windows File Explorer Spoofing Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network...

Windows Spoofing Vulnerability

Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack...

PT-2026-2694

Name of the Vulnerable Software and Affected Versions Windows Shell affected versions not specified Description A flaw exists in Windows Shell that could allow an attacker to perform spoofing over a network, potentially leading to unauthorized access to sensitive information. This issue enables a...

PT-2026-2684

Name of the Vulnerable Software and Affected Versions Windows Shell affected versions not specified Description A security issue exists in Windows Shell that allows an unauthorized attacker to perform spoofing. This requires physical access to the system. The issue involves an absolute path...

Microsoft Windows Shell 信息泄露漏洞

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft USA.Easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. On some versions of Windows, featur...

Microsoft Windows Shell 安全漏洞

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft USA.Easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. On some versions of Windows, featur...

CVE-2023-40185

shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping or quoting for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expecte...

VulnCheck KEV: CVE-2025-11953

The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary...

CVE-2025-64661

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows Shell allows an authorized attacker to elevate privileges locally...