7830 matches found
BIT-JOOMLA-2023-40626 [20231101] - Core - Exposure of environment variables
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensitive information...
UBUNTU-CVE-2025-21998
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: fix efivars registration race. Since the conversion to using the TZ allocator, the efivars service is registered before the memory pool has been allocated, something which can lead to a NULL-pointer...
The vulnerability of the nfsd4_encode_fattr4() function in the network file system of Linux kernel allows a hacker to cause a service failure.
The vulnerability of the nfsd4_encode_fattr4() function in the Network File System of Linux operating systems is related to the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2025-24191
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system...
Cisco Meraki Z and Cisco Meraki MX security vulnerability
Cisco Meraki Z and Cisco Meraki MX are both products of Cisco, Inc. Cisco Meraki Z is an enterprise-class firewall, VPN gateway, and router. Cisco Meraki MX is a multifunction security and SD-WAN enterprise appliance. A security vulnerability exists in Cisco Meraki Z and Cisco Meraki MX that stems...
GHSA-F3MF-HM6V-JFHH Mesop Class Pollution vulnerability leads to DoS and Jailbreak attacks
From @jackfromeast and @superboy-zjc: We have identified a class pollution vulnerability in Mesop = 0.14.0 application that allows attackers to overwrite global variables and class attributes in certain Mesop modules during runtime. This vulnerability could directly lead to a denial of service Do...
GHSA-FM3H-P9WM-H74H Directus's webhook trigger flows can leak sensitive data
Describe the Bug: In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...
CVE-2025-30353
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...
CLSA-2025-1743011981 postgresql: Fix of CVE-2024-10979
CVE-2024-10979: fix incorrect control of environment variables in PostgreSQL PL/Perl...
CVE-2025-30353 Directus's webhook trigger flows can leak sensitive data
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...
Shescape information disclosure vulnerability
Shescape is a simple shell escaping package for JavaScript by the individual developer Eric Cornelissen. An information disclosure vulnerability exists in Shescape versions 1.7.2 through 2.1.1, which stems from the potential exposure of environment variables when using CMD on Windows...
The vulnerability of the vfio_pci_ioctl_get_pci_hot_reset_info() function in the drivers/vfio/pci/vfio_pci_core.c module of the Linux kernel allows a hacker to cause a service failure.
The vulnerability of the vfio_pci_ioctl_get_pci_hot_reset_info() function in the drivers/vfio/pci/vfio_pci_core.c module of the Linux kernel is related to the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the nfsd_net_init() function in the fs/nfsd/nfsctl.c module of the NFS file system in Linux kernels allows an attacker to cause a service failure.
The vulnerability of the nfsd_net_init() function in the fs/nfsd/nfsctl.c file of the NFS network file system in Linux kernels is related to the use of uninitialized variables. Exploiting this vulnerability could allow an attacker to cause a service failure...
CVE-2024-8238
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
CVE-2024-8238 Unrestricted Code Execution in aimhubio/aim
In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side secrets or potentially gain unrestricted code execution...
anything-llm information disclosure vulnerability
AnythingLLM is a chatbot application that supports building on commercial or open-source large language models combined with a private knowledge base. An information disclosure vulnerability exists in AnythingLLM, which can be exploited to obtain an API key from a process environment variable...
CVE-2024-56182
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC Field PG M6 All versions V26.01.12, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC...
CVE-2024-56181
A vulnerability has been identified in SIMATIC Field PG M5 All versions, SIMATIC IPC BX-21A All versions V31.01.07, SIMATIC IPC BX-32A All versions V29.01.07, SIMATIC IPC BX-39A All versions V29.01.07, SIMATIC IPC BX-59A All versions V32.01.04, SIMATIC IPC PX-32A All versions V29.01.07, SIMATIC I...