
7833 matches found

OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-21578 Malicious code in global-baryon-dotenv-parse-variables-frontend (npm)

The package global-baryon-dotenv-parse-variables-frontend was found to contain malicious code...

7.2 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 2 views

MAL-2025-15806 Malicious code in blazar-non-blocking-dotenv-parse-variables-test (npm)

The package blazar-non-blocking-dotenv-parse-variables-test was found to contain malicious code...

7.2 AI score
Exploits 0

NVD
added 2025/08/14 3:15 p.m. · 24 views

CVE-2025-7971

A security issue exists within Studio 5000 Logix Designer due to unsafe handling of environment variables. If the specified path lacks a valid file, Logix Designer crashes; however, it may be possible to execute malicious code without triggering a crash...

7.3 CVSS · 0.00115 EPSS
Exploits 0 · References 1

CVE
added 2025/08/14 3:2 p.m. · 27 views

CVE-2025-7971

CVE-2025-7971 affects Rockwell Automation’s Studio 5000 Logix Designer. The issue arises from unsafe handling of environment variables, where a path without a valid file can cause the application to crash and, in some cases, may allow arbitrary code execution locally. The available connected sour...

7.3 CVSS · 7.7 AI score · 0.00115 EPSS
Exploits 0 · References 1

RedHat Linux
added 2025/08/14 1:43 p.m. · 4 views

httpd: insufficient escaping of user-supplied data in mod_ssl

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...

7.5 CVSS · 5.8 AI score · 0.00669 EPSS
Exploits 0 · References 5

CNNVD
added 2025/08/14 12:0 a.m. · 1 views

Rockwell Automation Studio 5000 Logix Designer Security Vulnerability

Rockwell Automation Studio 5000 Logix Designer is a Windows-based application from Rockwell Automation, Inc. It is used to build programs for PLCs. A security vulnerability exists in Rockwell Automation Studio 5000 Logix Designer that stems from improper handling of environment variables could...

7.3 CVSS · 7.4 AI score · 0.00115 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/08/14 12:0 a.m. · 8 views

PT-2025-33298 · Rockwell Automation · Studio 5000 Logix Designer

Name of the Vulnerable Software and Affected Versions: Studio 5000 Logix Designer (affected versions not specified). Description: A security issue exists in Studio 5000 Logix Designer related to unsafe handling of environment variables. When a specified path does not contain a valid file, the softwa...

7.3 CVSS · 6.6 AI score · 0.00115 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/08/11 10:41 a.m. · 5 views

CVE-2025-8860

A flaw was found in QEMU in the uefi-vars virtual device. When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback uefi_vars_write is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. Wh...

3.3 CVSS · 6.7 AI score · 0.00147 EPSS
Exploits 0 · References 3

Snyk
added 2025/08/11 12:0 a.m. · 3 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview: Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the uefi_vars_write function. The UEFI_VARS_REG_PIO_BUFFER_TRANSFER register is not cleared between write callbacks with uefi_vars_write and read callbacks with uefi_vars_rea...

3.3 CVSS · 6.6 AI score · 0.00147 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/09 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-56676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annotated with free Variables annotated with fre...

5.5 CVSS · 5.6 AI score · 0.00218 EPSS
Exploits 0 · References 2

RedHat Linux
added 2025/08/01 5:42 p.m. · 2 views

kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider

A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...

6.5 CVSS · 7.4 AI score · 0.01129 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/08/01 12:7 a.m. · 6 views

CVE-2025-43195

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...

5.5 CVSS · 6 AI score · 0.00209 EPSS
Exploits 0 · References 1

OSV
added 2025/07/30 12:15 a.m. · 1 views

CVE-2025-43195

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...

5.5 CVSS · 5.7 AI score · 0.00209 EPSS
Exploits 0 · References 6

Cvelist
added 2025/07/29 11:35 p.m. · 6 views

CVE-2025-43195

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...

0.00209 EPSS
Exploits 0 · References 3

OSSF Malicious Packages
added 2025/07/28 8:15 p.m. · 4 views

Malicious code in udn_extras (npm)

The package is malware because it contains a postinstall script that executes index.js. The index.js script gathers sensitive information such as hostname, platform, username, IP address, and environment variables and sends it to an external server (webhook.site) via an HTTPS POST request. This...

6.6 AI score
Exploits 0 · References 2

Positive Technologies
added 2025/07/28 12:0 a.m. · 6 views

PT-2025-33783

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A stack buffer overflow exists in the gmin_get_var_int function when handling EFI variables larger than 64 bytes. The gmin_get_config_var function does not properly return error codes...

7.8 CVSS · 6.1 AI score · 0.00191 EPSS
Exploits 0

Gitee
added 2025/07/27 4:24 a.m. · 98 views

shellshocker-pocs

This repository contains a collection of Proofs of Concept (PoCs) and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...

7.8 AI score
Exploits 0

NVD
added 2025/07/25 10:15 p.m. · 9 views

CVE-2025-8101

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables. This issue affects Linkify: from 4.3.1 before 4.3.2...

8.8 CVSS · 0.00501 EPSS
Exploits 0 · References 4

GithubExploit
added 2025/07/25 1:10 p.m. · 103 views

Exploit for Improper Input Validation in Jenkins Git_Parameter

CVE-2025-53652: Jenkins Git Parameter Plugin Unvalidated Input...

8.2 CVSS · 10 AI score · 0.00618 EPSS
Exploits 1

OSV
added 2025/07/23 12:36 p.m. · 2 views

SUSE-SU-2025:02475-1 Security update 4.3.16 for Multi-Linux Manager Server

This update fixes the following issues:
cobbler:
- Prevent crash during Cobbler startup on NFS environments (bsc#1240666)
- Synchronize cobbler add and sync actions (bsc#1233371)
- Exclude disabled profiles from buildiso gen (bsc#1230908)
grafana-formula:
- Version 4.3.0: Added SUSE Linux Enterprise Serve...

9.8 CVSS · 5.8 AI score · 0.10316 EPSS
Exploits 1 · References 63