7736 matches found
UBUNTU-CVE-2026-23624
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper use of shared variables, potentially leading to state corruption...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an out-of-bounds access to index variables, potentially leading to memory corruption...
osbuild-composer security update
149-4.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...
EUVD-2025-206771
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories...
CVE-2025-58380
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories...
CVE-2025-58380 Directory transversal vulnerability in Brocade Fabric OS before 9.2.1 using grep command
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories...
PT-2026-5772
A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the directory structure or to traverse to different directories...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Inetutils vulnerability (USN-7992-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7992-1 advisory. Kyu Neushwaistein discovered that telnetd in Inetutils incorrectly handled certain environment variables. A remote attacker could use this iss...
PT-2026-5921
Name of the Vulnerable Software and Affected Versions Brocade Fabric OS versions prior to 9.2.1c2 Brocade Fabric OS versions 9.2.2 through 9.2.2a Description A flaw exists within Brocade Fabric OS that may allow an authenticated attacker possessing administrative privileges to manipulate path...
GHSA-MC68-Q9JW-2H3V OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Summary A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...
Insertion of Sensitive Information Into Sent Data
Overview sagemaker is an Open source library for training and deploying models on Amazon SageMaker. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the storage of HMAC keys and disclosure through the DescribeTrainingJob API. An attacker ca...
GHSA-RJRP-M2JW-PV9C SageMaker Python SDK has Exposed HMAC
Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...
SageMaker Python SDK has Exposed HMAC
Summary SageMaker Python SDK is an open source library for training and deploying machine learning models on Amazon SageMaker. An issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API has been identified. Impact - Function and Payload...
CVE-2026-24763 Authenticated Command Injection in OpenClaw Docker Execution via PATH Environment Variable
OpenClaw formerly Clawdbot is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...
CVE-2026-24763
OpenClaw formerly Clawdbot is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An...
USN-7992-1: Inetutils vulnerability
Kyu Neushwaistein discovered that telnetd in Inetutils incorrectly handled certain environment variables. A remote attacker could use this issue to bypass authentication and open a session as an administrator...
USN-7992-1 inetutils vulnerability
Kyu Neushwaistein discovered that telnetd in Inetutils incorrectly handled certain environment variables. A remote attacker could use this issue to bypass authentication and open a session as an administrator...
MAL-2026-622 Malicious code in genvia-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 daedaaf2f945a1cc86a93f479d8284153533d387ddd7b00418991a7998a37e11 During installation, the package attempts to exfiltrate specific sensitive environment variables. --- Category: MALICIOUS - The campaign has clearly malicious...
Malicious code in genvia-utils (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 daedaaf2f945a1cc86a93f479d8284153533d387ddd7b00418991a7998a37e11 During installation, the package attempts to exfiltrate specific sensitive environment variables. --- Category: MALICIOUS - The campaign has clearly malicious...