CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/05/08 1:12 p.m.•10 views

CVE-2026-7864

SEPPmail Secure Email Gateway is affected by CVE-2026-7864: versions prior to 15.0.4 expose server environment variables via an unauthenticated endpoint in the new GINA UI, enabling remote attackers to obtain sensitive system information. Affected component is the GINA UI backend exposing environ...

6.9CVSS5.8AI score0.00096EPSS

Vulnrichment•added 2026/05/08 1:12 p.m.•5 views

CVE-2026-7864 Exposure of Sensitive Information to an Unauthorized Actor

6.9CVSS5.8AI score0.00096EPSS

AstraLinux•added 2026/05/08 9:9 a.m.•9 views

Astra Linux - уязвимость в inetutils

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

4.7CVSS5.9AI score0.0006EPSS

Exploits1References3

NVD•added 2026/05/08 4:16 a.m.•9 views

CVE-2026-41645

Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response...

5.3CVSS0.00041EPSS

Vulnrichment•added 2026/05/08 3:17 a.m.•6 views

CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

Cvelist•added 2026/05/08 3:17 a.m.•27 views

CVE-2026-41645 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions

5.3CVSS0.00041EPSS

ATTACKERKB•added 2026/05/08 3:17 a.m.•5 views

CVE-2026-41645

Exploits0References7Affected Software1

EUVD•added 2026/05/08 3:17 a.m.•5 views

EUVD-2026-28498

CVE•added 2026/05/08 3:17 a.m.•9 views

CVE-2026-41645

CVE-2026-41645 affects Nuclei up to version 3.8.0, where the expression evaluation engine can be tricked by HTTP response-derived DSL expressions reused in multi-step templates. If -env-vars (-ev) is explicitly enabled, response data containing DSL expressions can expose host environment variable...

Exploits0References6Affected Software1

CNNVD•added 2026/05/08 12:0 a.m.•5 views

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.4 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated endpoints in the new GINA UI, which exposed...

6.9CVSS6AI score0.00096EPSS

CNNVD•added 2026/05/08 12:0 a.m.•5 views

Nuclei 代码注入漏洞

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. Versions of Nuclei from 3.0.0 to 3.8.0 contained a code injection vulnerability. This vulnerability stemmed from the expression evaluation engine, which could allow malicious target servers...

5.3CVSS5.9AI score0.00041EPSS

Exploits0References1

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-38962

Name of the Vulnerable Software and Affected Versions SEPPmail Secure Email Gateway versions prior to 15.0.4 Description An unauthenticated endpoint in the new GINA UI exposes server environment variables, which allows remote attackers to obtain sensitive system information. Recommendations Updat...

6.9CVSS5.8AI score0.00096EPSS

Exploits0References3

Cvelist•added 2026/05/07 8:38 p.m.•24 views

CVE-2026-42047 Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

Inngest is a platform for running event-driven and scheduled background functions with queueing, retries, and step orchestration. Versions 3.22.0 through 3.53.1 contain a vulnerability that allows unauthenticated remote attackers to exfiltrate environment variables from the host process via the...

8.6CVSS0.00048EPSS

ATTACKERKB•added 2026/05/07 8:38 p.m.•4 views

CVE-2026-42047

8.6CVSS5.8AI score0.00048EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2026/05/07 8:38 p.m.•5 views

CVE-2026-42047 Inngest TypeScript SDK exposes environment variables via serve() handler on unhandled HTTP methods

8.6CVSS5.8AI score0.00048EPSS

CVE•added 2026/05/07 8:38 p.m.•10 views

CVE-2026-42047

Inngest CVE-2026-42047 affects the TypeScript SDK versions 3.22.0–3.53.1. A change in 3.22.0 made the serve() HTTP handler’s diagnostic response expose process.env contents when unhandled methods PATCH, OPTIONS, or DELETE are used, allowing exfiltration of secrets, API keys, or credentials if the...

8.6CVSS5.8AI score0.00048EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/05/07 8:21 p.m.•6 views

CVE-2026-44114

OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAWGITDIR to manipulate trusted OpenClaw runtime behavior...

8.5CVSS5.8AI score0.00022EPSS

Exploits0References1

RedhatCVE•added 2026/05/07 8:21 p.m.•4 views

CVE-2026-43584

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

8.8CVSS5.9AI score0.0012EPSS

Exploits0References1

RedHat Linux•added 2026/05/07 8:12 p.m.•3 views

openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables

A flaw was found in the OpenSSH GSSAPI Generic Security Service Application Program Interface delta patches, as included in various Linux distributions. A remote attacker could exploit this by sending an unexpected GSSAPI message type during the key exchange process. This occurs because the...

7.5CVSS6.8AI score0.00127EPSS