7833 matches found
CVE-2025-49136 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions, which are enabled by default in Sprig, enable capturing of env variables on the host. While this may not be a problem on single-use...
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Summary: The env and expandenv template functions, which are enabled by default in Sprig, enable capturing of env variables on the host. While this may not be a problem on single-user super admin installations, on multi-user installations, this allows non-super-admin users with campaign or template...
CVE-2025-49013 WilderForge vulnerable to code Injection via GitHub Actions Workflows
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of ${{ github.event.review.body }} and other user-controlled variables directly inside shell script contexts in GitHub...
WilderForge security vulnerability
WilderForge is a Wildermyth core module API open-sourced by WilderForge. A security vulnerability exists in WilderForge that stems from the improper use of user-controlled variables in GitHub Actions, which could lead to arbitrary command execution...
PT-2025-24568 · Gnu +1 · Gnu Pspp +1
Name of the Vulnerable Software and Affected Versions: GNU PSPP version 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb Description: A critical issue has been discovered, affecting the parse variables option function in the utilities/pspp-convert.c file. This leads to an out-of-bounds write. The attack...
GNU PSPP security vulnerability
GNU PSPP is an application for data sampling, statistics and analysis from the US GNU community. A security vulnerability exists in GNU PSPP that stems from the presence of a non-heap memory release in the function parsevariablesoption...
GNU PSPP buffer error vulnerability
GNU PSPP is a free statistical software used as an alternative to the commercial software SPSS for data analysis and statistics. GNU PSPP suffers from a buffer overflow vulnerability that originates in the parsevariablesoption function in the utilities/pspp-convert.c file. No detailed vulnerabili...
Malicious code in feature-gen-dt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1cb1501cf9b4d2f4476c326f065fbadb057653b09f479cdd836bee84dce76ee1 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
Malicious code in stubsoutagn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d6fba8f0ef8a9e8c54dd8fd281d9202994fc306f4bb614f6cf3ace71fff6164 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
Malicious code in stubsout (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 288961ef642901bbbd1ecf1fee45702985e9691d3f2fdc95f5990a197df2782b While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
MAL-2025-191877 Malicious code in spyderlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5c8cd8b0bcebda767e6d2f280c42cfd952522e31086aa816be6b3350611874a1 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
Malicious code in win32con (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b4e7d7a177e3531b4a2566e3c5d1796c1bf18c922bda8943d13e92ef33044141 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
Malicious code in tableausdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2facdadd713d6c1751cf3c2ca1e5e76f1cb367c5d30c3f06fe73808c6a08fca3 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
Malicious code in pyximport (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4495a2909bdab391f460c6671937fa60d164f745657520e43700b229f56faf0a While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
MAL-2025-191884 Malicious code in tableausdk (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 2facdadd713d6c1751cf3c2ca1e5e76f1cb367c5d30c3f06fe73808c6a08fca3 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
Malicious code in spyderlib (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5c8cd8b0bcebda767e6d2f280c42cfd952522e31086aa816be6b3350611874a1 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
MAL-2025-191880 Malicious code in stubsoutagn (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d6fba8f0ef8a9e8c54dd8fd281d9202994fc306f4bb614f6cf3ace71fff6164 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
MAL-2025-191726 Malicious code in feature-gen-dt (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1cb1501cf9b4d2f4476c326f065fbadb057653b09f479cdd836bee84dce76ee1 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
MAL-2025-191848 Malicious code in pyximport (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4495a2909bdab391f460c6671937fa60d164f745657520e43700b229f56faf0a While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...
MAL-2025-191932 Malicious code in win32con (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 b4e7d7a177e3531b4a2566e3c5d1796c1bf18c922bda8943d13e92ef33044141 While described as telemetry, importing the package attempts to send out some basic info as well as quite sensitive environmental variables. --- Category:...