CVE-2026-33981 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user or unauthenticated us...
CVE-2026-33881
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...
CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...
EUVD-2026-16820
Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the processing of deprecated workflow commands in untrusted input. An attacker can inject arbitrary environment variables or modify the...
GHSA-58R7-4WR5-HFX8 Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
Summary The jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user, or an unauthenticated user when no password is set (the default), can leak sensitive environment variables...
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters
Summary The jq: and jqraw: include filter expressions allow use of the jq env builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user, or an unauthenticated user when no password is set (the default), can leak sensitive environment variables...
EUVD-2026-16880
Changedetection.io Discloses Environment Variables via jq env Builtin in Include Filters...
Linux Distros Unpatched Vulnerability : CVE-2026-23919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to...
changedetection.io Information Disclosure Vulnerability
changedetection.io is a website-based application developed by dgtlmoon, designed for change detection, monitoring, and notification. Versions of changedetection.io prior to 0.54.7 contained a vulnerability related to information leakage. This vulnerability stemmed from the use of filter...
WindMill Code Injection Vulnerability
WindMill is a free open-source tool developed by the individual developer Lukasavicus. It is used to control the execution of tasks in Python. Versions of WindMill prior to 1.664.0 contained a code injection vulnerability. This vulnerability occurred when JavaScript string literals were inserted int...
PT-2026-28583
Name of the Vulnerable Software and Affected Versions: changedetection.io versions prior to 0.54.7. Description: The jq: and jqraw: include filter expressions in changedetection.io allow the use of the jq env builtin, which reads all process environment variables and stores them as the watch snapsho...
CVE-2026-33486
CVE-2026-33486 affects Roadiz and specifically the roadiz/documents component. The vulnerability is an SSRF/LFI flaw in the DownloadedFile::fromUrl() flow that occurs when importing external media; an attacker-controlled URL can be used with file:// to read local server files (including environmen...
CVE-2026-33486
Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...
CVE-2026-33486 Roadiz has Server-Side Request Forgery (SSRF) in roadiz/documents
Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28, 2.5.44, and 2.3.42 allows an authenticated attacker to read any file on the server's local file system that the web...
CVE-2026-32772
telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...
CVE-2026-32058
OpenClaw versions prior to 2026.2.26 contain an approval context-binding weakness in system.run execution flows with host=node that allows reuse of previously approved requests with modified environment variables. Attackers with access to an approval id can exploit this by reusing an approval wit...