GHSA-HC8W-H2MF-HP59 PowerShell Command Injection in Podman HyperV Machine

Summary A command injection vulnerability exists in Podman's HyperV machine backend. The VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $ subexpression injection. Affected Code File: pkg/machine/hyperv/stubber.go:647 go resize :=...

CVE-2025-67905

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. To exploit this, an...

EUVD-2007-4555

Malware in sbrugna...

EUVD-2022-26923

Malicious code in bioql PyPI...

EUVD-2023-39645

Malicious code in bioql PyPI...

EUVD-2023-24750

Malicious code in bioql PyPI...

EUVD-2022-49144

Malicious code in bioql PyPI...

EUVD-2025-15828

Malicious code in bioql PyPI...

EUVD-2022-26952

Malicious code in bioql PyPI...

EUVD-2023-24950

Malicious code in bioql PyPI...

CVE-2025-6759

CVE-2025-6759 affects Citrix Virtual Apps and Desktops — specifically the Windows Virtual Delivery Agent (VDA) used by CVAD and Citrix DaaS. The root cause is an open process handle with full access leaking from SYSTEM-owned GfxMgr.exe into a less-privileged processCtxGfx.exe, allowing a low-priv...

Exploit for CVE-2025-49144

notepad-v8.8.1-LPE-CVE- CVE-2025-49144 Notepad++ v8.8.1 SY...

PT-2025-26637

Name of the Vulnerable Software and Affected Versions Notepad++ versions 8.8.1 and prior Description Notepad++ is a free and open-source source code editor. A privilege escalation flaw exists in the Notepad++ installer versions 8.8.1 and prior due to insecure executable search paths. This allows...

CVE-2025-4879

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows...

CVE-2023-47145

IBM Db2 for Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402...

CVE-2023-29445

An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...

CVE-2023-35645

In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-20639

In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587...

CVE-2022-32450

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder used for ad.trace and chat but the product runs as SYSTEM when writing chat-room data there...

CVE-2022-32642

In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547...