64 matches found
Electerm Information Disclosure Vulnerability
Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.15 and earlier contained an information leakage vulnerability. This vulnerability stemmed from the getConstants IPC processor, which serialized the entire process.env object and sent it to...
CVE-2026-41357
OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...
GHSA-J9PV-RRCJ-6PFX OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes
Summary SSH-based sandbox backends pass unsanitized process.env to child processes Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env...
CVE-2026-29872
A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 2026-01-19. The affected Streamlit-based GitHub MCP Agent stores user-supplied API tokens in process-wide environment variables using os.environ without...
CVE-2026-29872
The CVE-2026-29872 issue affects the awesome-llm-apps project, specifically a Streamlit-based GitHub MCP Agent. The underlying problem is storing user-provided API tokens in process-wide environment variables via os.environ without proper session isolation, allowing cross-session information disc...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002728)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002728 advisory. Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory b...
CVE-2026-22686 Sandbox Escape via Host Error Prototype Chain in enclave-vm
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to 2.7.0, there is a critical sandbox escape vulnerability in enclave-vm that allows untrusted, sandboxed JavaScript code to execute arbitrary code in the host Node.js runtime. When a tool invocation fails,...
PT-2026-2792
Name of the Vulnerable Software and Affected Versions Enclave versions prior to 2.7.0 Description Enclave is a secure JavaScript sandbox used for safe AI agent code execution. A critical sandbox escape issue exists in enclave-vm, allowing untrusted JavaScript code to execute arbitrary code in the...
EUVD-2006-6606
Malware in sbrugna...
EUVD-2006-6604
Malware in sbrugna...
EUVD-2015-3237
Malware in sbrugna...
EUVD-2019-3486
Malware in sbrugna...
EUVD-2006-6605
Malware in sbrugna...
EUVD-2006-6603
Malware in sbrugna...
EUVD-2006-6601
Malware in sbrugna...
The vulnerability of the CP4I service (Cloud Pak for Integration) Keycloak Service, a software solution for managing containerized environments like IBM MQ Operator, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the CP4I service Cloud Pak for Integration Keycloak Service, a software solution for managing containerized environments in IBM MQ Operator, is related to information leakage through the process environment. Exploiting this vulnerability could allow an attacker to gain...
WinZip Buffer Error Vulnerability
WinZip is a powerful compression and encryption tool from WinZip, Inc. WinZip suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data. An attacker exploiting this vulnerability could execute code in the current process environment...
CVE-2025-24959 Environment Variable Injection for dotenv API in zx
zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in applications that rely on environment variables for...
PT-2025-5603 · Zx +1
Name of the Vulnerable Software and Affected Versions: zx versions prior to 8.3.2 Description: An attacker with control over environment variable values can inject unintended environment variables into process.env. This can lead to arbitrary command execution or unexpected behavior in application...
CVE-2024-10979
Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH. That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions...