7688 matches found
CVE-2025-13763 Libopensc: opensc: multiple uses of uninitialized variable
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs...
CVE-2025-13763
Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs Mitigation To mitigate this issue, avoid...
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra se...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from environmental variable cleanup issues, where GITTEMPLATEDIR and AWSCONFIGFILE were not protected...
OpenSC 安全漏洞
OpenSC is an open-source smart card tool and middleware developed by OpenSC. There is a security vulnerability in OpenSC, which stems from the use of uninitialized variables multiple times, potentially leading to information leaks or application crashes. The attack requires a specially crafted US...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from environmental variable leakage in the SSH-based sandbox backend. Uncleanly passed process.env values we...
Malicious code in xinference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...
MAL-2026-3000 Malicious code in xinference (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 1d006f6a08c959393160456d4ace221fd165b6d609fc8356ebfb041979aef93d Versions 2.6.0, 2.6.1, 2.6.2 were compromised. Following a malicious pull request that exfiltrated sensitive data from the CI runner, three malicious PyPI...
Server-side Request Forgery (SSRF)
Overview flarum/core is a simple discussion platform for your website. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the interpolation of unvalidated LESS config variables during CSS compilation. An attacker can access arbitrary files on the server or...
Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)
Summary Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for example themeprimarycolor and themesecondarycolor, as well as any key...
Nuclei: Environment variable disclosure via Response-Derived DSL Expressions
A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...
GHSA-JM34-66CF-QPVR Nuclei: Environment variable disclosure via Response-Derived DSL Expressions
A vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is...
EUVD-2026-25014
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
uutils coreutils has an Improper Check for Unusual or Exceptional Conditions
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
GHSA-7259-CWHX-3XX3 uutils coreutils has an Improper Check for Unusual or Exceptional Conditions
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
UBUNTU-CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...
CVE-2026-35366
The CVE-2026-35366 entry concerns the printenv utility in uutils coreutils. Affected component: printenv reads environment strings and, when variables contain invalid UTF-8 byte sequences, uutils’ implementation silently skips printing them instead of showing the raw bytes. This can allow malicio...
CVE-2026-35366
The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...