
10 matches found

RedhatCVE
added 2026/05/15 12:34 p.m., 7 views

CVE-2026-29514

A flaw was found in NetBox. Authenticated users with exporttemplate or configtemplate permissions can exploit a vulnerability in the RenderTemplateMixin.get_environment_params method. By specifying malicious Python code in the environment_params field, attackers can bypass security protections and...

CVSS 8.8, AI score 6.5, EPSS 0.00067
Exploits 0, References 2
EUVD
added 2026/05/04 4:5 p.m., 2 views

EUVD-2026-26997

NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python callables in the...

CVSS 8.8, AI score 6.7, EPSS 0.00067
Exploits 0, References 4
CVE
added 2026/05/04 4:5 p.m., 4 views

CVE-2026-29514

CVE-2026-29514 affects NetBox versions 4.3.5 through 4.5.4, with a remote code execution flaw in the RenderTemplateMixin.get_environment_params() method. Authenticated users with exporttemplate or configtemplate permissions can supply malicious Python callables in the environment_params field, de...

CVSS 8.8, AI score 6.7, EPSS 0.00067
Exploits 0, References 7
CNNVD
added 2026/05/04 12:0 a.m., 3 views

NetBox Security Vulnerability

NetBox is a tool developed by the NetBox community, based on Django and PostgreSQL, for IP address management (IPAM) and data center infrastructure management (DCIM). There were security vulnerabilities in versions 4.3.5 to 4.5.4 of NetBox. These vulnerabilities stemmed from remote code execution in...

CVSS 8.8, AI score 6.7, EPSS 0.00067
Exploits 0, References 1
Positive Technologies
added 2026/05/04 12:0 a.m., 3 views

PT-2026-36830

Name of the Vulnerable Software and Affected Versions: NetBox versions 4.3.5 through 4.5.4. Description: An issue in the RenderTemplateMixin.get_environment_params method allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code. By specifying malicious...

CVSS 8.8, AI score 6.7, EPSS 0.00067
Exploits 0, References 11
Ubuntu
added 2022/05/25 10:41 a.m., 120 views

USN-4781-1: Slurm vulnerabilities

It was discovered that Slurm incorrectly handled certain messages between the daemon and the user. An attacker could possibly use this issue to assume control of an arbitrary file on the system. This issue only affected Ubuntu 16.04 ESM. CVE-2016-10030 It was discovered that Slurm mishandled SPAN...

CVSS 9.8, AI score 7.7, EPSS 0.02472
Exploits 0
Github Security Blog
added 2022/03/22 12:0 a.m., 49 views

Exposure of Resource to Wrong Sphere in ThinkPHP Framework

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php...

CVSS 7.5, AI score 4, EPSS 0.09502
Exploits 1, References 3, Affected Software 1
ATTACKERKB
added 2022/03/21 12:15 a.m., 1 views

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...

CVSS 7.5, AI score 5.4, EPSS 0.09502
Exploits 1, References 3
Prion
added 2022/03/21 12:15 a.m., 16 views

Code injection

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php...

CVSS 5, AI score 7.5, EPSS 0.09502
Exploits 1, References 1, Affected Software 1
OSV
added 2019/04/08 7:26 p.m., 0 views

USN-3938-1 systemd vulnerability

Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges...

CVSS 7, AI score 6.1, EPSS 0.00098
Exploits 3, References 2