CVE-2025-9176 neurobin shc Environment Variable shc.c make os command injection

A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os command injection. The attack is only possible with local access. The exploit has been released to the...

CVE-2025-9176

CVE-2025-9176 affects neurobin shc up to version 4.0.3. The vulnerability is in the Environment Variable Handler, specifically the make function in src/shc.c, enabling local OS command injection. Exploitation requires local access, and public exploits/ PoC are mentioned in multiple sources. Remed...

PT-2025-33886 · Unknown · Neurobin Shc

Name of the Vulnerable Software and Affected Versions: neurobin shc versions through 4.0.3 Description: A security flaw has been discovered in the Environment Variable Handler component of neurobin shc. The make function within the src/shc.c file is affected, resulting in operating system command...

Linux Distros Unpatched Vulnerability : CVE-2023-40590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after...

CVE-2025-7972

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODEENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers...

BIT-LIBPHP-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, HTTPREDIRECTSTATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...

BIT-LIBPHP-2022-4900 Potential buffer overflow in php_cli_server_startup_workers

A vulnerability was found in PHP where setting the environment variable PHPCLISERVERWORKERS to a large value leads to a heap buffer overflow...

Security Bulletin: Kafka client library upgraded to kafka-clients-3.9.1

Summary Kafka client library upgraded to kafka-clients-3.9.1. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for...

SUSE CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVE-2025-54368

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials

uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...

CVE-2025-43195

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...

Important: mtr

Issue Overview: mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. CVE-2025-49809 Affected Packages: mtr Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

CVE-2025-43195

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...

CVE-2025-43195

CVE-2025-43195 describes an environment-variable handling issue in macOS that could allow an app to access sensitive user data. The root cause is improper validation in how environment variables are processed, which was addressed by improved validation in the macOS updates. Affected products incl...

D-Link DIR-816L Command Injection Vulnerability

The D-Link DIR-816L is a wireless router from China's AUO D-Link. A command injection vulnerability exists in the D-Link DIR-816L 2.06B01 and earlier versions, which stems from the lxmldbcsystem function in the environment variable handling component failing to properly filter construct command...

(Pwn2Own) NVIDIA Container Toolkit Environment Variable Handling Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handlin...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-1819)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2025-7836

A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbcsystem of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launche...

Malicious code in paradox-pydevdeps (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 ffb02e4aaa239e465a9365307dc9f04e5d881cc9f56bd34a1112ce87db7998bc Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...