7842 matches found
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
...
PT-2025-40450
Name of the Vulnerable Software and Affected Versions DataChain versions 0.34.1 and below Description DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. The library reads serialized objects from environment variables, specifically DATACHAIN METASTORE a...
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
...
Windows Shortcut (LNK) Padding
This module generates Windows LNK shortcut file that can execute arbitrary commands. The LNK file uses environment variables and execute its arguments from COMMANDLINEARGUMENTS with extra juicy whitespace character padding bytes and concatenates the actual payload. Module Options msf use...
CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution
MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...
CVE-2025-59952 minio-java Client XML Tag is Vulnerable to Value Substitution
MinIO Java SDK is a Simple Storage Service aka S3 client to perform bucket and object operations to any Amazon S3 compatible object storage service. In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically...
CVE-2025-59952
CVE-2025-59952 is a vulnerability in the MinIO Java SDK (minio-java). In versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were substituted with their actual values during processing, potentially exposing sensitive information (credentials...
MinIO Java Client XML Tag Value Substitution Vulnerability
Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...
GHSA-H7RH-XFPJ-HPCM MinIO Java Client XML Tag Value Substitution Vulnerability
Description In minio-java versions prior to 8.6.0, XML tag values containing references to system properties or environment variables were automatically substituted with their actual values during processing. This unintended behavior could lead to the exposure of sensitive information, including...
Advisory ROSA-SA-2025-3012
software: opensc 0.26.1 OS: ROSA-CHROME unaffected versions = opensc-0.26.1-1 affected versions opensc-0.26.1-1 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart ca...
Advisory ROSA-SA-2025-3013
software: openscap 1.4.2 OS: ROSA-CHROME unaffected versions = openscap-1.4.2-2 affected versions openscap-1.4.2-2 CVE-ID: CVE-2024-45615 BDU-ID: 2024-11086 CVE-Crit: LOW CVE-DESC.: A vulnerability in the pkcs15-init smart card personalization utility and the libopensc library of the OpenSC smart...
Advisory ROSA-SA-2025-3011
software: postgresql 15.14 WASP: ROSA-CHROME unaffected versions = postgresql-15.14-1 affected versions postgresql-15.14-1 CVE-ID: CVE-2024-10979 BDU-ID: 2024-09679 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL/Perl environment variables of the PostgreSQL database management system is relat...
Advisory ROSA-SA-2025-3010
software: postgresql14 14.19 WASP: ROSA-CHROME unaffected versions = postgresql14-14.19-1 affected versions postgresql14-14.19-1 CVE-ID: CVE-2024-10979 BDU-ID: 2024-09679 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the PL/Perl environment variables of the PostgreSQL database management system is...
CVE-2025-55038
An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users with low-level access permissions can exploit this vulnerability to read and modify PLC variabl...
Ensure That the su Command Inherits the User Environment Variables Without Escalating Privileges
The su command enables a common user to have the permissions of the superuser or other users. It is often used for switching the user from a common user to the root user. The su command provides a convenient way for users to change their identities. However, if the su command is run without...
Disable PermitUserEnvironment
PermitUserEnvironment allows users to set SSH environment variables, which may be exploited by attackers to launch attacks. If PermitUserEnvironment is set to yes, attackers can modify SSH environment variables to evade the security mechanism or execute attack code. This configuration must be...
GO-2025-3970 DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error in d7y.io/dragonfly
DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error in d7y.io/dragonfly...
CVE-2025-55038
CVE-2025-55038 affects AutomationDirect CLICK PLUS C2-03CPU2 firmware 3.60. Through the KOPR protocol used by the Remote PLC app, authenticated users with low-level permissions can read and modify PLC variables beyond their authorization. Documents substantiate an authorization bypass with impact...
AutomationDirect CLICK PLUS 安全漏洞
The AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60, which stems from improper authorization of the KOPR protocol, and could result in a low-privileged user overstepping...
CVE-2025-59434
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScri...