7833 matches found
SUSE CVE-2025-49136
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions, which are enabled by default in Sprig, enable capturing of environment variables on the host. While this may not be a problem on single-use...
CVE-2025-6587
System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...
CVE-2025-6587
Docker Desktop CVE-2025-6587 concerns the logging of system environment variables in diagnostic logs when using shell auto-completion, potentially exposing API keys, passwords, or other secrets to anyone with read access to those logs. Multiple connected sources confirm the vulnerability affects ...
CVE-2025-6587 Exposure of system environment variables in Docker Desktop diagnostic logs
System environment variables are recorded in Docker Desktop diagnostic logs when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as API keys, passwords, etc. A malicious actor with read access to these logs could obtain secrets and further use...
Docker Desktop security vulnerability
Docker Desktop is a desktop software for lightweight deployment of applications based on container technology from Docker Inc. in the United States. The product provides a desktop environment that supports creating a container lightweight virtual machine and deploying and running applications on...
CVE-2025-6624
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or...
PT-2025-44651
Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description A performance degradation can occur when expanding environment variables using the os.path.expandvars function if the value passed to it is user-controlled. The function os.path.expandvars is susceptible to th...
osbuild-composer security update
101-4.0.1 - Rebuilt to fix: - CVE-2024-34156 - CVE-2024-1394 - RHEL-24303 - RHEL-57905 - Support using repository definitions with OCI variables JIRA: OLDIS-38657 - Update repositories to contain OCI variables - Remove image types Minimal-raw and wsl JIRA: OLDIS-38123 - Increase default /boot size...
SUSE SLES12 Security Update : pam-config (SUSE-SU-2025:02081-1)
The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2025:02081-1 advisory. - CVE-2025-6018: Stop adding pam_env in AUTH stack, and be sure to put this module at the really end of the SESSION stack (bsc#1243226). Tenable has...
Malicious code in variables-dark (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 173f7e0807f1ad58388c43d6c333397a0fc271e32d95a0baf9ca42ca1c9ff324 The OpenSSF Package Analysis project identified 'variables-dark' @...
MAL-2025-5275 Malicious code in variables-dark (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 173f7e0807f1ad58388c43d6c333397a0fc271e32d95a0baf9ca42ca1c9ff324 The OpenSSF Package Analysis project identified 'variables-dark' @...
A Hα Metric for Identifying Dormant Black Holes in X-Ray Transients
Dormant black holes (BHs) in X-ray transients can be identified by the presence of broad Hα emission lines from quiescent accretion discs. Unfortunately, short-period cataclysmic variables (CVs) can also produce broad Hα lines, especially when viewed at high inclinations, and are thus a major source ...
PT-2025-26297
Name of the Vulnerable Software and Affected Versions: The Phoenix Code versions prior to the version with commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da Description: The issue is related to the configuration of The Phoenix Code on macOS, specifically the presence of certain entitlements. These...
Vulnerability in the gsf_base64_encode_simple function of the GNOME Project's structured file library libgsf that allows attackers to compromise the confidentiality of protected information
The vulnerability in the gsf_base64_encode_simple function of the GNOME Project's structured file library libgsf stems from the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to compromise the confidentiality of the protected information...
CVE-2025-50202
Lychee (PHP-based photo-management tool) has a path traversal vulnerability in SecurePathController.php affecting versions 6.6.6–6.6.9. The issue allows leakage of local files, including environment variables, nginx logs, other users’ uploaded images, and configuration secrets. The root cause is ...
CVE-2025-45784
D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVISUSERPASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of uninitialized variables in the wil_write_file_wmi function...
TencentOS Server 2: postgresql (TSSA-2024:1109)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1109 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...