7738 matches found

Positive Technologies
added 2026/01/07 12:0 a.m., 2 views

PT-2026-1939

Name of the Vulnerable Software and Affected Versions: pnpm versions 6.25.0 through 10.26.2. Description: pnpm is a package manager susceptible to a Command Injection issue when utilizing environment variable substitution within .npmrc configuration files, specifically with tokenHelper settings...

CVSS: 7.8, AI score: 7.3, EPSS: 0.00041
Exploits: 1, References: 6

GithubExploit
added 2026/01/06 1:11 p.m., 170 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 A local privilege escalation vulnerability was fou...

CVSS: 7.8, AI score: 8.3, EPSS: 0.87351
Exploits: 151

RedhatCVE
added 2026/01/06 2:2 a.m., 4 views

CVE-2025-15451

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...

CVSS: 4.8, AI score: 5.4, EPSS: 0.00023
Exploits: 1, References: 1

OSV
added 2026/01/05 10:15 p.m., 3 views

DEBIAN-CVE-2025-65110

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used...

CVSS: 9.3, AI score: 6.1, EPSS: 0.00025
Exploits: 1, References: 1

OSV
added 2026/01/05 3:15 a.m., 3 views

CVE-2025-15451

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...

CVSS: 4.8, AI score: 4, EPSS: 0.00023
Exploits: 1, References: 4

NVD
added 2026/01/05 3:15 a.m., 3 views

CVE-2025-15451

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...

CVSS: 4.8, EPSS: 0.00023
Exploits: 1, References: 4

Cvelist
added 2026/01/05 1:32 a.m., 32 views

CVE-2025-15451 xnx3 wangmarket System Variables variableSave.do cross site scripting

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...

CVSS: 4.8, EPSS: 0.00023
Exploits: 1, References: 4

CVE
added 2026/01/05 1:32 a.m., 9 views

CVE-2025-15451

The CVE-2025-15451 affects xnx3 wangmarket up to v4.9, specifically the /admin/system/variableSave.do functionality where manipulating the Description parameter triggers cross-site scripting. Public exploit exists; attack may be remotely initiated; vendor did not respond to disclosure. Connected ...

CVSS: 4.8, AI score: 3.2, EPSS: 0.00023
Exploits: 1, References: 4, Affected Software: 1

Vulnrichment
added 2026/01/05 1:32 a.m., 6 views

CVE-2025-15451 xnx3 wangmarket System Variables variableSave.do cross site scripting

A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attac...

CVSS: 4.8, AI score: 5.2, EPSS: 0.00023
Exploits: 1, References: 4

CNNVD
added 2026/01/05 12:0 a.m., 3 views

wangmarket code injection vulnerability

wangmarket is a privatized deploy your own SAAS cloud builder system for xnx3 individual developers in China. A code injection vulnerability exists in wangmarket 4.9 and earlier versions, which stems from an incorrect manipulation of the Description parameter in the file...

CVSS: 4.8, AI score: 4.1, EPSS: 0.00023
Exploits: 1, References: 5

Positive Technologies
added 2026/01/05 12:0 a.m., 4 views

PT-2026-1204

Name of the Vulnerable Software and Affected Versions: xnx3 wangmarket versions up to 4.9. Description: A security flaw exists in xnx3 wangmarket up to version 4.9, specifically within the System Variables Page functionality located at the '/admin/system/variableSave.do' file. Manipulation of the...

CVSS: 4.8, AI score: 4.7, EPSS: 0.00023
Exploits: 1, References: 8

OSV
added 2026/01/01 6:40 p.m., 3 views

MAL-2026-5 Malicious code in queryservice-client (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 92aafbccc7065760e0127931c5150c59561f3b753ab9fe79dbcbdafd1aef97dc Dependency confusion PoC that exfiltrates also potentially sensitive environment variables --- Category: MALICIOUS - The campaign has clearly malicious intent,...

AI score: 7.4
Exploits: 0, References: 1

Snyk
added 2026/01/01 6:32 a.m., 1 view

Exposure of Sensitive Information Through Environmental Variables

Overview: gac is an LLM-powered Git commit message generator with multi-provider support. Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables via the show function, which shows all environment variable values without redaction...

CVSS: 2.4, AI score: 6.8
Exploits: 0, References: 3

Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-25391

Name of the Vulnerable Software and Affected Versions: telnet versions through 2.7. Description: telnet in GNU inetutils allows servers to read arbitrary environment variables from clients via the NEW ENVIRON SEND USERVAR functionality. The issue involves the ability of servers to access client...

CVSS: 4.7, AI score: 5.9, EPSS: 0.0006
Exploits: 1, References: 17

Tenable Nessus
added 2025/12/30 12:0 a.m., 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992644)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992644 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_make_synack can be called from process context. tcp_rtx_synack now could be called in process...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00026
Exploits: 0, References: 4

Tenable Nessus
added 2025/12/27 12:0 a.m., 4 views

NewStart CGSL MAIN 7.02 : libpq Multiple Vulnerabilities (NS-SA-2025-0255)

The remote NewStart CGSL host, running version MAIN 7.02, has libpq packages installed that are affected by multiple vulnerabilities: - Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables e.g. PATH...

CVSS: 8.8, AI score: 8.4, EPSS: 0.06356
Exploits: 1, References: 11

Vulnrichment
added 2025/12/26 9:49 p.m., 3 views

CVE-2025-68668 n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands...

CVSS: 9.9, AI score: 7.3, EPSS: 0.00035
Exploits: 4, References: 1

OSV
added 2025/12/26 6:18 p.m., 1 view

GHSA-62R4-HW23-CC8V n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Impact: A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process...

CVSS: 9.9, AI score: 7.6, EPSS: 0.00035
Exploits: 4, References: 4

Tenable Nessus
added 2025/12/26 12:0 a.m., 1 view

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python3 (UTSA-2025-992143)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992143 advisory. If the value passed to os.path.expandvars is user-controlled a performance degradation is possible when expanding environment variables. Tenable has extracted the...

CVSS: 5.5, AI score: 6.7, EPSS: 0.00021
Exploits: 0, References: 4

OSV
added 2025/12/24 5:43 p.m., 3 views

CLSA-2025-1766598218 opensc: Fix of 4 CVEs

CVE-2024-45616: fix insufficient control of APDU buffer and its length - CVE-2024-45615: initialize uninitialized variables - CVE-2024-45617: fix insufficient or missing checking of return values - CVE-2024-45620: fix incorrect handling length of buffers or files in pkcs15init...

CVSS: 3.9, AI score: 7.4, EPSS: 0.00145
Exploits: 0, References: 1