PinchTab: OS Command Injection via Profile Name in Windows Cleanup Routine Enables Arbitrary Command Execution

Summary PinchTab v0.8.4 contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell -Command string using a needle derived from the profile path. In v0.8.4, that string interpolation escapes...

PT-2026-27630

Name of the Vulnerable Software and Affected Versions PinchTab versions prior to 0.8.5 Description PinchTab, a standalone HTTP server for controlling a Chrome browser with AI agents, contains a Windows-only command injection issue within the orphaned Chrome cleanup path. The issue arises because...

EUVD-2026-12637

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

EUVD-2026-12636

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

CVE-2026-3563

CVE-2026-3563 affects PowerShell Universal prior to 2026.1.4 due to improper input validation in apps and endpoints configuration. An authenticated user with permissions to create or modify Apps or Endpoints can override existing application or system routes, leading to unintended request routing...

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

CVE-2026-4064

Missing authorization checks on multiple gRPC service endpoints in PowerShell Universal before 2026.1.4 allows an authenticated user with any valid token to bypass role-based access controls and perform privileged operations — including reading sensitive data, creating or deleting resources, and...

Devolutions PowerShell Universal 安全漏洞

Devolutions PowerShell Universal is a comprehensive PowerShell platform developed by the Canadian company Devolutions. Versions of Devolutions PowerShell Universal prior to 2026.1.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks for multipl...

Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware

A suspected China-based cyber espionage operation has targeted Southeast Asian military organizations as part of a state-sponsored campaign that dates back to at least 2020. Palo Alto Networks Unit 42 is tracking the threat activity under the moniker CL-STA-1087 , where CL refers to cluster, and...

📄 Microsoft Windows LNK File Remote Code Execution

This PHP script is a proof of concept exploit that demonstrates how to create a Windows LNK shortcut file that executes a PowerShell command in this example, launches calc.exe...

Microsoft Windows Service Installation Persistence

This Metasploit module creates a persistent Windows service using multiple methods. It supports PowerShell, SC.exe, and WMI methods for service creation...

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution

Fileless Multi-Stage Remcos RAT: From Phishing to Memory-Resident Execution By Madhini Muralidharan · March 11, 2026 Traditional malware campaigns rely heavily on dropping executable files to disk—artifacts that defenders can scan, quarantine, and analyze with signature-based security tools. Mode...

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET and PowerShell. A malicious party could exploit the vulnerabilities to cause a denial-of-service or grant themselves elevated privileges within an application using the vulnerable .NET. .NET: |----------------|------|------------------------------------...

OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers

OpenClaw's system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers. In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv...

GHSA-3H2Q-J2V4-6W5R OpenClaw's system.run allowlist approval parsing missed PowerShell encoded-command wrappers

OpenClaw's system.run shell-wrapper detection did not recognize PowerShell -EncodedCommand forms as inline-command wrappers. In allowlist mode, a caller with access to system.run could invoke pwsh or powershell using -EncodedCommand, -enc, or -e, and the request would fall back to plain argv...