MiracleLinux 4 : bash-4.1.2-15.AXS4.2 (AXSA:2014-554:02)

The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-554:02 advisory. Description : The GNU Bourne Again shell Bash is a shell or command language interpreter that is compatible with the Bourne shell sh. Bash incorporat...

MiracleLinux 3 : sudo-1.7.2p1-29.AXS3 (AXSA:2014-229:01)

The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-229:01 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...

CVE-2025-67647

CVE-2025-67647 affects SvelteKit. Before 2.49.5, it allows server-side request forgery (SSRF) and DoS under prerender conditions. From 2.44.0 to 2.49.4, a DoS can occur if at least one prerendered route exists (export const prerender = true). From 2.19.0 to 2.49.4, DoS/SSRF can occur when there i...

CVE-2025-67647

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. From 2.44.0 through 2.49.4, the vulnerability results in a DoS when...

Server-side Request Forgery (SSRF)

Overview @sveltejs/kit is a SvelteKit framework and CLI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF due to the improper decoding of protocol headers in resolved path. An attacker can cause the server process to terminate or access internal services by...

SvelteKit is vulnerable to denial of service and possible SSRF when using prerendering

Summary Versions of SvelteKit are vulnerable to a server side request forgery SSRF and denial of service DoS under certain conditions. Details Affected versions from 2.44.0 onwards are vulnerable to DoS if: - your app has at least one prerendered route export const prerender = true Affected...

MiracleLinux 4 : dbus-1.2.24-7.AXS4 (AXSA:2012-954:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-954:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messagin...

MiracleLinux 9 : httpd-2.4.62-7.el9_7.3 (AXSA:2025-11631:11)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11631:11 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride...

CLSA-2026-1768213076 httpd: Fix of 2 CVEs

CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...

CVE-2023-40394

The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data...

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

CVE-2017-18415

cPanel before 67.9999.103 allows code execution in the context of the mailman account because of incorrect environment-variable filtering SEC-302...

CVE-2020-7458

In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posixspawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution...

CVE-2024-41956

Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by...

Siemens Ruggedcom ROX Static Code Injection (CVE-2024-32487)

less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the...

EUVD-2026-1462

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles...

CVE-2025-69262

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

EUVD-2026-1159

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

CVE-2025-69262 pnpm vulnerable to Command Injection via environment variable substitution

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

GHSA-2PHV-J68V-WWQX pnpm vulnerable to Command Injection via environment variable substitution

Summary A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution RCE in build environments...