42 matches found

EUVD
added 2026/05/09 4:58 a.m. · 6 views

EUVD-2025-209753

An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data site names, versions, and configuration variables and bypass privilege requirements via unprotected endpoints lacking adequate security headers...

CVSS 5.3 · AI score 5.8 · EPSS 0.00033
Exploits: 0 · References: 1

EUVD
added 2026/03/18 1:34 a.m. · 1 view

EUVD-2026-12720

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD through configuration to execute arbitrary code in the OpenClaw gateway service...

CVSS 6.9 · AI score 6.2 · EPSS 0.00025
Exploits: 0 · References: 3

CVE
added 2026/03/11 1:32 p.m. · 9 views

CVE-2026-32063

OpenClaw 2026.2.19-2 is affected by a command injection in systemd unit file generation due to unvalidated CR/LF in attacker-controlled environment values. An attacker who can influence config.env.vars and trigger service install or restart can execute arbitrary commands with the privileges of th...

CVSS 7.8 · AI score 6 · EPSS 0.00093
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2026/03/03 12:00 a.m. · 3 views

PT-2026-24673

Summary: A command injection vulnerability exists in OpenClaw’s Linux systemd unit generation path. When rendering Environment= entries, attacker-controlled values are not rejected for CR/LF, and systemdEscapeArg uses an incorrect whitespace-matching regex. This allows newline injection to break o...

CVSS 8.6 · AI score 6.1 · EPSS 0.00093
Exploits: 1 · References: 11

RedhatCVE
added 2026/01/09 11:24 a.m. · 4 views

CVE-2021-31550

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...

CVSS 5.4 · AI score 6 · EPSS 0.00219
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-7210

Malware in sbrugna...

CVSS 8.8 · AI score 8.7 · EPSS 0.00422
Exploits: 0 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2015-1950

Malware in sbrugna...

CVSS 5.3 · AI score 5.3 · EPSS 0.00625
Exploits: 1 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-18447

Malware in sbrugna...

CVSS 5.4 · AI score 5.3 · EPSS 0.00219
Exploits: 0 · References: 3

Veracode
added 2024/11/29 5:46 a.m. · 11 views

Sensitive Information Disclosure

Apache Airflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to insufficient masking of sensitive configuration variables in task logs, allowing DAG authors to log such variables unintentionally or intentionally, potentially exposing them to unauthorized users...

CVSS 7.5 · AI score 6.5 · EPSS 0.01059
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2024/11/19 7:07 a.m. · 10 views

BIT-AIRFLOW-2024-45784 Apache Airflow: Sensitive configuration values are not masked in the logs by default

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...

CVSS 7.5 · AI score 7.4 · EPSS 0.01059
Exploits: 0 · References: 4

GitHub Security Blog
added 2024/11/15 9:32 a.m. · 13 views

Apache Airflow: Sensitive configuration values are not masked in the logs by default

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...

CVSS 7.5 · AI score 6.7 · EPSS 0.01059
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2024/11/15 9:15 a.m. · 13 views

CVE-2024-45784

Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially...

CVSS 7.5 · EPSS 0.01059
Exploits: 0 · References: 3

CVE
added 2024/11/15 8:20 a.m. · 62 views

CVE-2024-45784

Summary (CVE-2024-45784): Apache Airflow versions before 2.10.3 may log sensitive configuration variables in task logs, risking exposure to unauthorized users. The underlying issue is that secrets were not masked in logging output. Version 2.10.3 and later mask secrets in task logs, mitigating th...

CVSS 7.5 · AI score 7.5 · EPSS 0.01059
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2024/11/15 12:00 a.m. · 1 view

PT-2024-9206 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions before 2.10.3
Description: The issue is related to the exposure of sensitive configuration variables in task logs. This could allow unauthorized users to access critical data, potentially compromising the security of t...

CVSS 7.8 · AI score 6.7 · EPSS 0.01059
Exploits: 0 · References: 27

Veracode
added 2024/03/26 2:03 p.m. · 14 views

Code Injection

getgrav/grav is vulnerable to Code Injection. The vulnerability is due to unrestricted access to the Twig extension class from the Grav context. This flaw allows attackers to redefine configuration variables and bypass previous Server-Side Template Injection (SSTI) mitigations...

CVSS 8.8 · AI score 7.2 · EPSS 0.00394
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2023/01/30 5:00 a.m. · 17 views

CVE-2022-25967

Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. Note: This is exploitable only for users who are rendering templates with user-defined data...

CVSS 8.1 · AI score 9.2 · EPSS 0.19024
Exploits: 0 · References: 4

Cvelist
added 2022/11/09 12:00 a.m. · 19 views

CVE-2022-3793

An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to...

CVSS 4.3 · AI score 5.5 · EPSS 0.00132
Exploits: 0 · References: 2

Cvelist
added 2021/04/28 9:25 p.m. · 14 views

CVE-2021-29483 wikiconfig API leaked private config variables set through ManageWiki

ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are...

CVSS 9.4 · AI score 9.4 · EPSS 0.00441
Exploits: 0 · References: 3

ATTACKERKB
added 2021/04/28 12:00 a.m. · 18 views

CVE-2021-29483

ManageWiki is an extension to the MediaWiki project. The 'wikiconfig' API leaked the value of private configuration variables set through the ManageWiki variable to all users. This has been patched by https://github.com/miraheze/ManageWiki/compare/99f3b2c8af18...befb83c66f5b.patch. If you are unabl...

CVSS 9.4 · AI score 2.3 · EPSS 0.00441
Exploits: 0 · References: 4

NVD
added 2021/04/22 3:15 a.m. · 13 views

CVE-2021-31550

An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...

CVSS 5.4 · EPSS 0.00219
Exploits: 0 · References: 2