Lucene search
K

2668 matches found

EUVD
EUVD
added 2026/01/08 9:13 p.m.18 views

EUVD-2026-1462

Shakapacker has environment variable leak via EnvironmentPlugin that exposes secrets to client-side bundles...

6.4AI score
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 10:30 p.m.23 views

CVE-2025-69262 pnpm vulnerable to Command Injection via environment variable substitution

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

7.5CVSS0.00949EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/07 10:30 p.m.8 views

EUVD-2026-1159

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

7.5CVSS7AI score0.00949EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/01/07 10:30 p.m.4 views

CVE-2025-69262

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

7.8CVSS7.6AI score0.00949EPSS
Exploits1
OSV
OSV
added 2026/01/07 6:51 p.m.3 views

GHSA-2PHV-J68V-WWQX pnpm vulnerable to Command Injection via environment variable substitution

Summary A command injection vulnerability exists in pnpm when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve remote code execution RCE in build environments...

7.5CVSS8.5AI score0.00949EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:32 a.m.4 views

CVE-2019-16729

pam-python before 1.0.7-1 has an issue in regard to the default environment variable handling of Python, which could allow for local root escalation in certain PAM setups...

7.8CVSS6.9AI score0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.9 views

pnpm 代码注入漏洞

pnpm is a package manager for pnpm open source. A code injection vulnerability exists in pnpm versions 6.25.0 through 10.26.2, which stems from command injection when using environment variable substitution in the .npmrc configuration file, and could lead to remote code execution...

7.8CVSS8.1AI score0.00949EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.7 views

AlmaLinux 9 : httpd (ALSA-2025:23919)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23919 advisory. httpd: Apache HTTP Server: CGI environment variable override CVE-2025-65082 httpd: Apache HTTP Server: moduserdir+suexec bypass via AllowOverride FileInf...

8.3CVSS5.6AI score0.015EPSS
Exploits0References5
Amazon
Amazon
added 2026/01/07 12:0 a.m.74 views

Important: httpd

Issue Overview: Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd="..." directives. CVE-2025-58098 Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache HTTP Serv...

8.3CVSS6.7AI score0.015EPSS
Exploits0
Snyk
Snyk
added 2026/01/05 10:58 p.m.4 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the unicode processing of HTTP header values. An attacker can bypass firewall or proxy protections by sending requests containing non-ASCII characters. Note: This is only exploitable if C extensions are not in...

6.5CVSS6.9AI score0.00213EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/03 9:0 a.m.9 views

CVE-2025-15437

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...

5.4CVSS3.5AI score0.00242EPSS
Exploits1References1
OSV
OSV
added 2026/01/02 9:15 a.m.6 views

CVE-2025-15437

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...

5.4CVSS3.5AI score
Exploits0References8
NVD
NVD
added 2026/01/02 9:15 a.m.3 views

CVE-2025-15437

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...

5.4CVSS0.00242EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/01/02 8:32 a.m.26 views

CVE-2025-15437 LigeroSmart Environment Variable cross site scripting

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...

5.1CVSS0.00242EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2026/01/02 8:32 a.m.4 views

CVE-2025-15437 LigeroSmart Environment Variable cross site scripting

A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing a manipulation of the argument REQUESTURI results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could...

5.1CVSS3.5AI score0.00242EPSS
Exploits1References8
CVE
CVE
added 2026/01/02 8:32 a.m.16 views

CVE-2025-15437

LigeroSmart (up to 6.1.24) has a cross-site scripting vulnerability in the Environment Variable Handler, triggered by manipulation of the REQUEST_URI argument. The attack can be initiated remotely and an exploit has been publicly disclosed. Remediation: upgrade to LigeroSmart 6.1.26 or 6.3; patch...

5.4CVSS3.5AI score0.00242EPSS
Exploits1References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.5 views

PT-2026-1060

Name of the Vulnerable Software and Affected Versions LigeroSmart versions up to 6.1.24 Description A flaw exists in the Environment Variable Handler component of LigeroSmart. Manipulation of the REQUEST URI argument can lead to cross-site scripting. The issue may be exploited remotely. The explo...

5.1CVSS5.6AI score0.00242EPSS
Exploits1References12
CNNVD
CNNVD
added 2026/01/02 12:0 a.m.3 views

LigeroSmart 代码注入漏洞

LigeroSmart is a management platform for LigeroSmart open source. A code injection vulnerability exists in LigeroSmart versions 6.1.24 and earlier, which stems from the incorrect manipulation of the parameter REQUESTURI in the component Environment Variable Handler, and could lead to a cross-site...

5.4CVSS4.7AI score0.00242EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-4281

Name of the Vulnerable Software and Affected Versions Incus versions 6.20.0 and below Description Incus is a system container and virtual machine manager. A user with the ability to launch a container with a custom YAML configuration can create an environment variable containing newlines. This ca...

8.7CVSS5.8AI score0.0053EPSS
Exploits2References102
Rockylinux
Rockylinux
added 2025/12/24 9:9 a.m.7 views

httpd security update

An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and...

8.3CVSS6.7AI score0.015EPSS
Exploits0
Rows per page
Query Builder