CVE-2024-12226
CVE-2024-12226 affects Octopus Kubernetes: the Kubernetes worker/agent (versions 1–2) could log sensitive variables in clear-text to the Kubernetes script pod log. Root cause details beyond what’s stated are not provided. The issue has been fixed for both versions 1 and 2; apply the documented fi...
CVE-2024-12226
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2; however, it was determined that this could also be achieved in Version 1, and the fix was applied to both versions...
CVE-2024-29980
CVE-2024-29980 affects Phoenix SecureCore software across Intel Kaby Lake, Coffee Lake, Comet Lake and Ice Lake. Root cause: improper check for unusual or exceptional conditions leading to input data manipulation. Affected versions: Kaby Lake before 4.0.1.1012; Coffee Lake before 4.1.0.568; Comet...
CLSA-2025-1736860159 squid: Fix of 2 CVEs
- CVE-2024-23638: Fix Denial of Service attack against Cache Manager error responses
- CVE-2024-37894: Fix Out-of-bounds Write error when assigning ESI variables...
CVE-2024-11736
A vulnerability was found in Keycloak. Admin users may have access to sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The serve...
CVE-2024-11736 org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may have access to sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The serve...
CVE-2024-11736
CVE-2024-11736 (Keycloak): The vulnerability arises when admins configure backchannel logout or admin URLs containing placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with environment variables/system properties during URL processing, potentially allowing a...
GHSA-F4V7-3MWW-9GC2 Keycloak allows unrestricted admin use of system and environment variables
A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} ...
Keycloak allows unrestricted admin use of system and environment variables
A security vulnerability has been identified that allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. Specifically, when configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} ...
org.keycloak:keycloak-quarkus-server: Unrestricted admin use of system and environment variables
A vulnerability was found in Keycloak. Admin users may have access to sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The serve...
PT-2025-1684 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A security issue allows admin users to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin...
Malicious code in hardhat-dotenv (npm)
The package contains code to exfiltrate environment variables to an attacker-controlled server. Source: ghsa-malware 3339a5b064b412e57a50444acb2bd685d7e5e7684e6d9ceaa0f1c31ff1f97454. Any computer that has this package installed or running...
MAL-2025-65 Malicious code in hardhat-dotenv (npm)
The package contains code to exfiltrate environment variables to an attacker-controlled server. Source: ghsa-malware 3339a5b064b412e57a50444acb2bd685d7e5e7684e6d9ceaa0f1c31ff1f97454. Any computer that has this package installed or running...
CVE-2024-56446
Vulnerability of variables not being initialized in the notification module. Impact: Successful exploitation of this vulnerability may affect availability...
SUSE CVE-2024-12426
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remo...