93 matches found
CVE-2025-36017 IBM Controller Information Disclosure
IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables files which can be obtained by an authenticated user...
EUVD-2021-30275
Malicious code in bioql PyPI...
CVE-2025-59427
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
CVE-2025-59427 Cloudflare vite plugin exposes secrets over the built-in dev server
The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret information such as...
MAL-2025-191765 Malicious code in import-license-checker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c41ca4c8119fa20f7f5915b34de59f879b77fedf237cbbf5a69e46ddbeded428 Package exfiltrates content of .env files to a remote target --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
WordPress plugin Total Upkeep by BoldGrid 信息泄露漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An information disclosure vulnerability...
GHSA-859W-5945-R5V3 Vite's server.fs.deny bypassed with /. for files under project root
Summary The contents of files in the project root that are denied by a file matching pattern can be returned to the browser. Impact Only apps explicitly exposing the Vite dev server to the network using --host or server.host config option are affected. Only files that are under project root and a...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2025:0590-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0590-1 advisory. - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash...
SUSE-SU-2025:0590-1 Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues: - CVE-2025-24970: incorrect validation of packets by SslHandler can lead to a native crash. bsc1237037 - CVE-2025-25193: unsafe reading of environment files can lead to an application crash. bsc1237038 Update to netty version 4.1.1...
Denial Of Service (DoS)
io.netty, netty-common is vulnerable to Denial Of Service DoS. The vulnerability is due to unsafe reading of environment files, where Netty attempts to load a non-existent file, allows an attacker can exploit this by creating a large file, causing the application to crash and resulting in a denia...
Netty 资源管理错误漏洞
Netty is a non-blocking I/O client-server framework from the Netty community that is primarily used to develop Java web applications such as protocol servers and clients. A resource management error vulnerability exists in Netty version 4.1.114 and earlier versions, which stems from allowing unsa...
Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code. The activity, codenamed EMERALDWHALE , is estimated to have collected over 10,000 private...
PT-2024-33316 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT versions prior to 7.0.10 Description: The issue allows remote code execution when an attacker knows the APP KEY, which is associated with cookie serialization. This is worsened by the availability of .env files from the product's...
FileCodeBox 安全漏洞
FileCodeBox is a file courier locker for vastsa personal developers. Files can be shared with an anonymous password. A security vulnerability exists in FileCodeBox version 2.0 that stems from allowing OneDrive passwords and AWS keys to be stored in plaintext environment files...
Code injection
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
CVE-2023-39950
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
CVE-2023-39950 Insufficient input validation in efibootguard
efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into bgsetenv or...
SUSE CVE-2021-43337
SchedMD Slurm 21.08. before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=jobscript and/or jobenv options, the access control rules in SlurmDBD may permit users to request job scripts and environment files to which they should not have access...