23 matches found
SUSE CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
Linux Distros Unpatched Vulnerability : CVE-2026-33414
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in...
DEBIAN-CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVE-2026-33414 PowerShell Command Injection in Podman HyperV Machine
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVE-2026-33414 PowerShell Command Injection in Podman HyperV Machine
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
CVE-2026-33414
Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...
GHSA-HC8W-H2MF-HP59 PowerShell Command Injection in Podman HyperV Machine
Summary A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $ subexpression injection. Affected Code File: pkg/machine/hyperv/stubber.go:647 go resize :=...
PowerShell Command Injection in Podman HyperV Machine
Summary A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $ subexpression injection. Affected Code File: pkg/machine/hyperv/stubber.go:647 go resize :=...
CVE-2026-33623 PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution
PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a...
EUVD-2020-28320
Malware in sbrugna...
spraywmi
Exploit module/toolkit targeting Windows systems via WMI Windows Management Instrumentation spraying. The tool, named SprayWMI, is designed to mass spray Unicorn PowerShell injection to CIDR notations. It is a Python-based tool that uses the pexpect library to interact with the Windows Management...
CVE-2022-22744
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.This bug only affects Thunderbird for Windows. Other operating systems are unaffected.. This vulnerability...
CVE-2021-28927
The text-to-speech engine in libretro RetroArch for Windows 1.9.0 passes unsanitized input to PowerShell through platformwin32.c via the accessibilityspeakwindows function, which allows attackers who have write access on filesystems that are used by RetroArch to execute code via command injection...
CVE-2018-8492
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019...
CVE-2018-8200
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers...
Microsoft Windows Device Guard Local Security Bypass Vulnerability (CNVD-2018-19387)
Microsoft Windows is a set of operating systems developed by Microsoft Corporation in the U.S. Windows uses a graphical mode GUI. A local security bypass vulnerability exists in Microsoft Windows Device Guard. An attacker can exploit this vulnerability to inject malicious code into a Windows...
Microsoft Windows Device Guard Local Security Bypass Vulnerability (CNVD-2018-12572)
Microsoft Windows 10 and Windows Server 2016 are both products of the American company Microsoft. The former is a set of operating systems for personal computers and the latter is a set of server operating systems.Device Guard is one of the device protection components. A local security bypass...
CVE-2017-0173
Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass...
CVE-2017-0218
Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Poli...