7833 matches found
CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers...
CVE-2025-28381
CVE-2025-28381 affects OpenC3 COSMOS prior to v6.0.2, where service credentials are exposed as environment variables stored in all containers. The vulnerability is due to credential leakage in containerized environment variables, enabling attackers to access credentials if they can reach the runt...
PT-2025-25412 · Openc3 · Openc3 Cosmos
Name of the Vulnerable Software and Affected Versions: OpenC3 COSMOS version 6.0.0. Description: A credential leak in OpenC3 COSMOS allows attackers to access service credentials as environment variables stored in all containers. This issue is related to the cleartext storage of sensitive...
CVE-2025-49136
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions, which are enabled by default in Sprig, enable capturing of env variables on host. While this may not be a problem on single-use...
SUSE CVE-2025-5898
A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has...
SUSE CVE-2025-5899
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...
CVE-2025-5899
A flaw was found in GNU PSPP's pspp-convert utility. This vulnerability allows memory corruption and unexpected behaviour via local exploitation of improper memory deallocation in the parse_variables_option function. Mitigation: Mitigation for this issue is either not available or the currently...
CVE-2025-3905
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause unvalidated data to be injected by an authenticated malicious user, leading to modification or reading of data in a victim’s browser...
PT-2025-24630 · Schneider Electric · Modicon Controllers M241/M251 +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A Cross-site Scripting issue exists, impacting system variables. This could allow an authenticated malicious user to inject unvalidated data, potentially modifying or reading data in a...
DEBIAN-CVE-2025-5898
A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has...
DEBIAN-CVE-2025-5899
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...
UBUNTU-CVE-2025-5899
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...
CVE-2025-5899 GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...
CVE-2025-5899
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...
CVE-2025-49136
CVE-2025-49136 affects Listmonk before v5.0.2 where Sprig template functions env and expandenv are enabled by default, enabling non-super-admin users (with campaign/template permissions) to read host environment variables via campaign previews. Public reports and the connected Metasploit auxiliar...