15 matches found

Tenable Nessus
added 2026/06/11 12:0 a.m., 5 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Inetutils vulnerabilities (USN-8387-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8387-1 advisory. It was discovered that the Inetutils telnet daemon incorrectly handled th...

CVSS 9.8, AI score 6.5, EPSS 0.23674
Exploits: 13, References: 4
NVD
added 2026/05/14 9:16 p.m., 9 views

CVE-2026-45370

python-utcp is the python implementation of UTCP. Prior to 1.1.3, prepareenvironment in clicommunicationprotocol.py passes a full copy of os.environ to every CLI subprocess. When combined with CVE-2026-45369, an attacker can exfiltrate all process-level secrets in a single tool call. This...

CVSS 7.7, EPSS 0.00223
Exploits: 0, References: 1
CNNVD
added 2026/05/14 12:0 a.m., 12 views

Universal Tool Calling Protocol security vulnerability

Universal Tool Calling Protocol is an official Python implementation of the UTCP open-source protocol. Versions prior to 1.1.3 of Universal Tool Calling Protocol contained security vulnerabilities; these vulnerabilities stemmed from the prepareenvironment method passing complete environment...

CVSS 7.7, AI score 5.8, EPSS 0.00223
Exploits: 0, References: 1
ATTACKERKB
added 2026/04/23 9:58 p.m., 2 views

CVE-2026-41357

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

CVSS 3.3, AI score 5.8, EPSS 0.00152
Exploits: 0, References: 4
Positive Technologies
added 2026/04/23 12:0 a.m., 5 views

PT-2026-34788

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

CVSS 3.3, AI score 5.8, EPSS 0.00152
Exploits: 0, References: 5
Github Security Blog
added 2026/04/10 7:28 p.m., 5 views

PraisonAI Vulnerable to Sensitive Environment Variable Exposure via Untrusted MCP Subprocess Execution

PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio using user-supplied command strings (e.g., MCP("npx -y @smithery/cli ...")). These commands are executed through Python’s subprocess module. By default, the implementation forwards the entire parent proces...

CVSS 5.5, AI score 6.1, EPSS 0.00182
Exploits: 0, References: 4, Affected Software: 1
Cvelist
added 2026/03/07 4:28 p.m., 30 views

CVE-2026-30852 Caddy: vars_regexp double-expands user input, leaking env vars and files

Caddy is an extensible server platform that uses TLS by default. From version 2.7.5 to before version 2.11.2, the vars_regexp matcher in vars.go:337 double-expands user-controlled input through the Caddy replacer. When vars_regexp matches against a placeholder like http.request.header.X-Input, the...

CVSS 6.9, EPSS 0.00401
Exploits: 1, References: 3
Positive Technologies
added 2026/03/06 12:0 a.m., 5 views

PT-2026-23797

Name of the Vulnerable Software and Affected Versions: Caddy versions 2.7.5 through 2.11.2. Description: The vars_regexp matcher in Caddy double-expands user-controlled input through the Caddy replacer. When vars_regexp matches a placeholder like http.request.header.X-Input, the header value is...

CVSS 9.9, AI score 5.8, EPSS 0.22162
Exploits: 68, References: 142
RedHat Linux
added 2021/11/09 6:42 p.m., 2 views

buildah: Host environment variables leaked in build container when using chroot isolation

An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment,...

CVSS 5.5, AI score 7, EPSS 0.00319
Exploits: 0, References: 5
Github Security Blog
added 2021/07/19 3:19 p.m., 160 views

Buildah processes using chroot isolation may leak environment values to intermediate processes

Impact: When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes (CVE-2021-3602). This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...

CVSS 5.5, AI score 5.8, EPSS 0.00319
Exploits: 0, References: 7, Affected Software: 1
OSV
added 2021/07/19 3:19 p.m., 25 views

GHSA-7638-R9R3-RMJJ Buildah processes using chroot isolation may leak environment values to intermediate processes

Impact: When running processes using "chroot" isolation, the process being run can examine the environment variables of its immediate parent and grandparent processes (CVE-2021-3602). This isolation type is often used when running buildah in unprivileged containers, and it is often used to do so in...

CVSS 5.5, AI score 5.7, EPSS 0.00319
Exploits: 0, References: 7
OSV
added 2021/04/12 2:15 p.m., 7 views

CVE-2021-24226

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the...

CVSS 7.5, AI score 5.8, EPSS 0.05404
Exploits: 2, References: 1
Cvelist
added 2019/08/09 6:21 p.m., 35 views

CVE-2019-14433

An issue was discovered in OpenStack Nova before 17.0.12, 18.x before 18.2.2, and 19.x before 19.0.2. If an API request from an authenticated user ends in a fault condition due to an external exception, details of the underlying environment may be leaked in the response, and could include sensiti...

AI score 6.2, EPSS 0.01927
Exploits: 0, References: 8
OSV
added 2019/06/21 6:49 p.m., 3 views

USN-4030-1 web2py vulnerabilities

It was discovered that web2py does not properly check denied hosts before verifying passwords. An attacker could possibly use this issue to perform brute-force attacks. (CVE-2016-10321) It was discovered that web2py allows remote attackers to obtain environment variable values. An attacker could...

CVSS 9.8, AI score 7.1, EPSS 0.0499
Exploits: 4, References: 6
RedHat Linux
added 2018/10/16 5:38 p.m., 4 views

puppet: Environment leakage in puppet-agent

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4...

CVSS 6.5, AI score 5.8, EPSS 0.01019
Exploits: 0, References: 5