3059 matches found
Command Injection
Overview: systeminformation is a simple system and OS information library. Affected versions of this package are vulnerable to Command Injection via the fsSize function when the drive parameter is concatenated into a PowerShell command without proper sanitization. An attacker can execute arbitrary...
GHSA-WPHJ-FX3Q-84CH systeminformation has a Command Injection vulnerability in fsSize() function on Windows
Summary: The fsSize function in systeminformation is vulnerable to OS Command Injection (CWE-78) on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without sanitization, allowing arbitrary command execution when user-controlled input reaches this...
CVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
CVE-2025-68154 Command Injection in fsSize() on Windows
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the fsSize function in systeminformation is vulnerable to OS command injection on Windows systems. The optional drive parameter is directly concatenated into a PowerShell command without...
Exploit for Command Injection in Microsoft
CVE-2025-54100 - PowerShell Response Parsing PoC This reposit...
CVE-2025-67508
gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...
CVE-2025-67508
CVE-2025-67508 affects gardenctl-v2 (gardenctl) ≤ 2.11.0. When used with non-POSIX shells (e.g., Fish, PowerShell), an attacker with administrative Gardener project privileges can craft malicious credential values that cause infrastructure Secret objects to break out of string context, enabling c...
PT-2025-50882
gardenctl is a command-line client for the Gardener which configures access to clusters and cloud provider CLI tools. When using non‑POSIX shells such as Fish and PowerShell, versions 2.11.0 and below of gardenctl allow an attacker with administrative privileges for a Gardener project to craft...
Arbitrary Command Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...
Arbitrary Command Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the evaluation of credential values in non-POSIX shell environments. An attacker can execute arbitrary commands on the operator's device by crafting malicious credential values in infrastructure Secret...
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells
A security vulnerability was discovered in gardenctl when it is used with non‑POSIX shells such as Fish and PowerShell. Such setup could allow an attacker with administrative privileges for a Gardener project to craft malicious credential values in infrastructure Secret objects that break out of...
SureBackup Job Displays Error "PowerShell is not installed on this computer."
Challenge: A Veeam Backup & Replication 12.x SureBackup job, utilizing a PowerShell script as part of testing, fails with the error: SureBackup JobName ScriptTests End 'Custom script 1: name $scriptName, failed - PowerShell is not installed on this computer ' Cause: This issue occurs for machines...
CVE-2025-54100
Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally...
Patch Tuesday - December 2025
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two publicly disclosed remote code vulnerabilities, and a single exploited-in-the-wild...
Exploit for CVE-2025-54100
CVE-2026-0386 Powershell's curl uses Invoke-WebRequest u...
CVE-2025-54100
Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally...
CVE-2025-54100
Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally...
CVE-2025-54100 PowerShell Remote Code Execution Vulnerability
...
EUVD-2025-202201
Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally...
CVE-2025-54100 PowerShell Remote Code Execution Vulnerability
...