7836 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-3399
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions...
Linux Distros Unpatched Vulnerability : CVE-2020-17495
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - django-celery-results through 1.2.1 stores task results in the database. Among the data it stores are the variables passed into the tasks. The variables may...
Linux Distros Unpatched Vulnerability : CVE-2021-32751
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the application plugin and the gradlew script are...
Linux Distros Unpatched Vulnerability : CVE-2019-0053
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to...
MAL-2025-191765 Malicious code in import-license-checker (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c41ca4c8119fa20f7f5915b34de59f879b77fedf237cbbf5a69e46ddbeded428 Package exfiltrates content of .env files to a remote target --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Linux Distros Unpatched Vulnerability : CVE-2025-5899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function...
Linux Distros Unpatched Vulnerability : CVE-2025-4979
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to...
Linux Distros Unpatched Vulnerability : CVE-2016-10122
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firejail does not properly clean environment variables, which allows local users to gain privileges. CVE-2016-10122 Note that Nessus relies on the presence of t...
GHSA-W2WJ-HW98-233H Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8hxp-qmph-w5gq. This link is maintained to preserve external references. Original Description A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes...
Exposure of Sensitive Information Through Environmental Variables
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Environmental Variables via the substitution process in imported realm documents. An attacker can access sensitive environment variables by injecting malicious content into realm documents durin...
Duplicate Advisory: Keycloak Potential Variable Reference in Model Storage Services
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-8hxp-qmph-w5gq. This link is maintained to preserve external references. Original Description A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes...
CVE-2025-55306
GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...
CVE-2025-9162
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...
CVE-2025-9162
The CVE-2025-9162 issue affects Keycloak’s org.keycloak:keycloak-model-storage-service, where the KeycloakRealmImport custom resource substitutes placeholders in imported realm documents, potentially referencing environment variables. This substitution can enable injection of malicious content du...
Exploit for CVE-2025-57105
CVE-2025-57105 Command Injection BUG Author Xingyu Wu...
Linux Distros Unpatched Vulnerability : CVE-2024-11931
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1...
Linux Distros Unpatched Vulnerability : CVE-2023-50290
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables...
CVE-2025-9176
An OS command injection flaw has been discovered in neurobin shc. The make function in the src/shc.c file does not properly handle environmental variables, which may lead to command injection. This vulnerability requires local access in order to exploit. Mitigation Mitigation for this issue is...
Shell Script Compiler Security Vulnerability
Shell Script Compiler is a shell script compiler by the individual developer Md Jahidul Hamid. A security vulnerability exists in Shell Script Compiler 4.0.3 and earlier versions, which stems from improper handling of environment variables and can lead to OS command injection...
CVE-2025-55306 GenX_FX authentication bypass in JWT validation
GenXFX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources Google Cloud...