8 matches found
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...
CVE-2025-58373
Roo Code (editor-integrated AI coding agent) versions 3.25.23 and earlier contain a symlink-based bypass of the .rooignore protections. An attacker with write access to the workspace could trick the extension into reading files that should be excluded (for example, .env or other configuration dat...
eslint-ban-moment 安全漏洞
eslint-ban-moment is an application by the individual developer Kristófer Fannar Björnsson. A security vulnerability exists in eslint-ban-moment 3.0.0 and earlier versions, which originates from the exposure of sensitive Supabase URIs in .env files, which could lead to data exfiltration,...
CVE-2024-24757 open-irs .env Exposure
open-irs is an issue response robot that reponds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...
CVE-2024-24757 open-irs .env Exposure
open-irs is an issue response robot that reponds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...
CVE-2024-24757 open-irs .env Exposure
open-irs is an issue response robot that reponds to issues in the installed repository. The .env file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets...
Exposure of .env if project root is configured as web root in shopware/production
Impact The .env and other sensitive files can be leaked if the project root and not /public is configured as the web root. Patches We recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview...
GHSA-3PCR-4982-548M Exposure of .env if project root is configured as web root in shopware/production
Impact The .env and other sensitive files can be leaked if the project root and not /public is configured as the web root. Patches We recommend to update to the current version 6.3.5.3. You can get the update to 6.3.5.3 regularly via the Auto-Updater or directly via the download overview...