7849 matches found

NVD
added 2025/10/16 3:15 p.m., 9 views

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5 CVSS, 0.00435 EPSS
Exploits 0, References 2
Cvelist
added 2025/10/16 2:25 p.m., 12 views

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5 CVSS, 0.00435 EPSS
Exploits 0, References 2
Vulnrichment
added 2025/10/16 2:25 p.m., 3 views

CVE-2025-41253 Spring Cloud Gateway Webflux SpEL Injection Vulnerability Allowing Exposure of Environment Variables

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

7.5 CVSS, 6.4 AI score, 0.00435 EPSS
Exploits 0, References 2
CVE
added 2025/10/16 2:25 p.m., 27 views

CVE-2025-41253

CVE-2025-41253 affects Spring Cloud Gateway Server Webflux: SpEL-enabled routes and unsecured actuator web endpoints can expose environment variables and system properties. Webflux components are vulnerable; WebMVC is not. IBM bulletin lists remediation: upgrade IBM Library Support for Spring to ...

7.5 CVSS, 6.4 AI score, 0.00435 EPSS
Exploits 0, References 2
Veracode
added 2025/10/16 6:45 a.m., 5 views

Improper Configuration Management

TinyEnv is vulnerable to Improper Configuration Management. The vulnerability is due to the application not requiring the .env file to exist when loading environment variables, which allows an attacker or misconfiguration to cause the application to run with insecure defaults or missing...

7.3 CVSS, 6.9 AI score, 0.00173 EPSS
Exploits 0, References 5, Affected Software 1
Positive Technologies
added 2025/10/16 12:00 a.m., 6 views

PT-2025-42472

Name of the Vulnerable Software and Affected Versions: Spring Cloud Gateway Server Webflux, affected versions not specified. Description: Spring Cloud Gateway Server Webflux is susceptible to a SpEL (Spring Expression Language) injection issue. This flaw allows unauthenticated attackers to access...

7.5 CVSS, 6.6 AI score, 0.00435 EPSS
Exploits 0, References 23
Positive Technologies
added 2025/10/16 12:00 a.m., 4 views

PT-2025-42499

Name of the Vulnerable Software and Affected Versions: Icinga DB Web versions prior to 1.1.4; Icinga DB Web versions prior to 1.2.3. Description: Icinga DB Web offers a graphical interface for Icinga monitoring. An authorized user with access to Icinga DB Web can utilize a custom variable within a...

6.5 CVSS, 6.5 AI score, 0.00331 EPSS
Exploits 0, References 16
FreeBSD
added 2025/10/16 12:00 a.m., 7 views

Hidden/Protected custom variables are prone to filter enumeration

Icinga reports: An authorized user with access to Icinga DB Web can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables to guess values assigned to it...

6.5 CVSS, 6.9 AI score, 0.00331 EPSS
Exploits 0, References 1
CNNVD
added 2025/10/16 12:00 a.m., 4 views

Spring Cloud Gateway Server Webflux security vulnerability

Spring Cloud Gateway Server Webflux is a Spring open source gateway server. A security vulnerability exists in Spring Cloud Gateway Server Webflux that stems from the Spring Expression Language that may expose environment variables and system properties, potentially leading to information...

7.5 CVSS, 6.3 AI score, 0.00435 EPSS
Exploits 0, References 2
RedHat Linux
added 2025/10/14 5:59 p.m., 4 views

io.minio/minio: minio-java Client XML Tag is Vulnerable to Value Substitution

In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including credentials,...

8.7 CVSS, 5.8 AI score, 0.00458 EPSS
Exploits 0, References 6
Tenable Nessus
added 2025/10/14 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-9825

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.7 to 18.2.8, 18.3 before 18.3.4, and 18.4 before 18.4.2 that could have allowed...

6.5 CVSS, 5.5 AI score, 0.00315 EPSS
Exploits 1, References 2
OSV
added 2025/10/13 8:19 p.m., 1 view

GHSA-6FGX-X7M2-74QM tracexec has `env` command argument injection via environment variables starting with dash in traced exec events

Impact: For tracexec's command line reconstruction feature, when a traced process executes another process with an environment variable whose key starts with a dash, tracexec incorrectly shows its command line, where such environment variables could cause argument injection for the env command...

1 CVSS, 7.4 AI score
Exploits 0, References 4
EUVD
added 2025/10/13 8:19 p.m., 5 views

EUVD-2025-34079

tracexec has env command argument injection via environment variables starting with dash in traced exec events...

6.9 AI score
Exploits 0, References 4
Github Security Blog
added 2025/10/13 8:19 p.m., 8 views

tracexec has `env` command argument injection via environment variables starting with dash in traced exec events

Impact: For tracexec's command line reconstruction feature, when a traced process executes another process with an environment variable whose key starts with a dash, tracexec incorrectly shows its command line, where such environment variables could cause argument injection for the env command...

7.4 AI score
Exploits 0, References 4, Affected Software 1
NVD
added 2025/10/13 2:15 p.m., 4 views

CVE-2025-37729

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1 CVSS, 0.00565 EPSS
Exploits 0, References 1
Cvelist
added 2025/10/13 1:47 p.m., 9 views

CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1 CVSS, 0.00565 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/10/13 1:47 p.m., 3 views

CVE-2025-37729 Elastic Cloud Enterprise (ECE) Improper Neutralization of Special Elements Used in a Template Engine

Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and issuing commands via a specially crafted string where Jinjava variables are evaluated...

9.1 CVSS, 6.3 AI score, 0.00565 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/10/13 12:00 a.m., 6 views

PT-2025-41785

Name of the Vulnerable Software and Affected Versions: Elastic Cloud Enterprise versions 2.5.0 through 3.8.1; Elastic Cloud Enterprise versions 4.0.0 through 4.0.1. Description: An issue exists in Elastic Cloud Enterprise (ECE) related to the improper handling of special elements within its template...

9.1 CVSS, 7.9 AI score, 0.00565 EPSS
Exploits 0, References 21
Veracode
added 2025/10/10 1:18 p.m., 8 views

XML Injection

io.minio:minio is vulnerable to XML Injection. The vulnerability is due to automatic substitution of XML tag values containing system property or environment variable references during processing, which allows an attacker to craft malicious XML input that exposes sensitive information such as...

8.7 CVSS, 6.5 AI score, 0.00458 EPSS
Exploits 0, References 5, Affected Software 1
Metasploit
added 2025/10/09 6:53 p.m., 566 views

Listmonk Insecure Sprig Template Functions Environment Disclosure

This module exploits insecure Sprig template functions in Listmonk versions prior to v5.0.2. The env and expandenv functions are enabled by default, allowing authenticated users with campaign permissions to extract sensitive environment variables via campaign preview. Module Options: msf use...

9 CVSS, 5.8 AI score, 0.00907 EPSS
Exploits 2