PT-2026-2918
Name of the Vulnerable Software and Affected Versions: Cursor versions prior to 2.3. Description: Cursor is a code editor designed for programming with AI. When the Cursor Agent operates in Auto-Run Mode with Allowlist mode enabled, certain shell built-ins can be executed without appearing on the...
Security Update for Azure Core shared client library for Python < 1.38.0 (January 2026)
The Azure Core shared client library for Python installation on the remote host is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability CVE-2026-21226. An attacker who successfully exploited this vulnerability could gain elevated privileges by...
Protection Mechanism Failure
Overview: enclave-vm is a sandbox runtime for secure JavaScript code execution. Affected versions of this package are vulnerable to Protection Mechanism Failure via the exposure of a host-side Error object to sandboxed code, which retains its host realm prototype chain. An attacker can intentionall...
MiracleLinux 7 : postgresql-9.2.24-9.0.2.el7.AXS7 (AXSA:2025-9551:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9551:01 advisory. CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables. CVEs: CVE-2024-10979. Incorrect control of environment variables in PostgreSQ...
TencentOS Server 4: grafana (TSSA-2025:0978)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0978 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
CVE-2005-1395
Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument...
CVE-2003-1291
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables...
CVE-2021-31550
An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...
CVE-2007-4309
IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFMShowEntropy and (2) DebugOutfile debug variables, a different vulnerability than CVE-2005-2696...
CVE-2022-26707
An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in macOS Monterey 12.4. A user may be able to view sensitive user information...
CVE-2022-35897
A stack buffer overflow vulnerability leading to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If an attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally...
CVE-2019-18603
OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer...
CVE-2019-11632
In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. These permissions are only used in custom...
CVE-2024-39707
Insyde IHISI function 0x49 can restore factory defaults for certain UEFI variables without further authentication by default, which could lead to a possible roll-back attack in certain platforms. This is fixed in: kernel 5.2, version 05.29.19; kernel 5.3, version 05.38.19; kernel 5.4, version...
CVE-2023-45076
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45077
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-45075
A memory leakage vulnerability was reported in the SWSMIShadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables...
CVE-2023-40376
IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581...
CVE-2021-22252
A confusion between tag and branch names in GitLab CE/EE affecting all versions since 13.7 allowed a Developer to access protected CI variables which should only be accessible to Maintainers...
CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...