MAL-2025-191879 Malicious code in stubsout (PyPI)
Source: kam193 (288961ef642901bbbd1ecf1fee45702985e9691d3f2fdc95f5990a197df2782b). While described as telemetry, importing the package attempts to send out some basic system information as well as quite sensitive environment variables. Category:...
SUSE CVE-2025-48934
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...
GHSA-7W8P-CHXQ-2789 Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
Summary The Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false impression that variables listed in the option are impossible to read. PoC export...
CVE-2025-48934
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...
PT-2025-23841 · Deno · Deno
Name of the Vulnerable Software and Affected Versions: Deno versions prior to 2.1.13 and prior to 2.2.13 Description: The issue affects Deno, a JavaScript, TypeScript, and WebAssembly runtime. It involves the Deno.env.toObject method, which ignores variables listed in the --deny-env option of the...
CVE-2024-47056
Mautic is affected by CVE-2024-47056, where the .env configuration file can be accessed directly via a web browser due to improper server access controls. This exposure can lead to disclosure of sensitive information, including database credentials, API keys, and other critical configurations. Im...
A vulnerability in the dcpd service in the firmware of Siemens Scalance LPE9403 allows an attacker to cause a denial of service.
The vulnerability in the dcpd service in the firmware of Siemens Scalance LPE9403 switching devices is caused by the use of uninitialized variables. Exploiting this vulnerability could allow a malicious actor to cause a denial of service by sending specially crafted packets...
SUSE CVE-2025-48069
ejson2env allows users to decrypt EJSON secrets and export them as environment variables. Prior to version 2.0.8, the ejson2env tool has a vulnerability related to how it writes to stdout. Specifically, the tool is intended to write an export statement for environment variables and their values...
BIT-GITLAB-2025-4979 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables that they did not author in the WebUI, by simply creating their own variable and observing the HTTP...
CVE-2025-4979
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables that they did not author in the WebUI, by simply creating their own variable and observing the HTTP...
CVE-2025-24362
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository...
CVE-2024-47174
Nix is a package manager for Linux and other Unix systems. Starting in version 1.11 and prior to versions 2.18.8 and 2.24.8, did not verify TLS certificates on HTTPS connections. This could lead to connection details such as full URLs or credentials leaking in case of a man-in-the-middle MITM...
CVE-2024-31874
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318...
CVE-2024-23238
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables...
CVE-2024-34696
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
CVE-2024-24939
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in both the Community and Enterprise Editions of GitLab. The vulnerabilities include falsely displaying full e-mail addresses to unauthorized users, insufficient input validation that can lead to Denial-of-Service, and the ability for attackers to expose masked CI...
CVE-2024-40842
An issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data...
CVE-2024-42482
fish-shop/syntax-check is a GitHub action for syntax checking fish shell files. Improper neutralization of delimiters in the pattern input, specifically the command separator ; and command substitution characters, means that arbitrary command injection is possible by modification of the input...