2629 matches found
MAL-2025-191743 Malicious code in gpu-free-ai (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0846b9b18e7af4ddef44ca9cb92d5543ace58ee3f171080b1570c3f044749dec Code attempts to exfiltrate any env variable containing "key" in name. This action is triggered on multiple occasions thanks to overwriting module loading and...
Exploit for CVE-2024-31969
📌 CVE-2024-31969 CVE-2024-31969 adalah kerentanan local...
TencentOS Server 3: glibc (TSSA-2025:0498)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0498 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
AZL-65136 CVE-2025-49809 affecting package mtr 0.95-1
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...
Exploit for Server-Side Request Forgery in Apache Kafka
Disclaimer: The vulnerabilities described in this article and...
CVE-2025-49809
CVE-2025-49809 affects mtr up to version 0.95. In certain privileged contexts, execution of a program specified by the MTR_PACKET environment variable is mishandled, enabling potential local impact. Public details consistently mention macOS sudo-related considerations due to Homebrew not installi...
CVE-2025-49809
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTRPACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...
kafka-clients: privilege escalation to filesystem read-access via automatic ConfigProvider
A flaw was found in Apache Kafka Clients. Apache Kafka Clients accepts configuration data for customizing behavior and includes ConfigProvider plugins to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider...
Security Bulletin: Security Vulnerability in Apache Kafka Client Affects IBM Sterling B2B Integrator and IBM Sterling File Gateway (CVE-2024-31141)
Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnearbility in Apache Kafka Client Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kaf...
Astra Linux – Vulnerability in grub2
A flaw was discovered in grub2. During the network boot process, when attempting to search for the configuration file, grub copies data from a user-controlled environment variable into an internal buffer using the grubstrcpy function. During this step, it fails to consider the length of the...
GO-2025-3745 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk
listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user in github.com/knadh/listmonk. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is...
Environment Variable Exposure
github.com/knadh/listmonk is vulnerable to Environment Variable Exposure. The vulnerability is due to the use of env and expandenv template functions in Sprig, which allows non-super-admin users to capture sensitive environment variables in multi-user installations...
CVE-2025-49136 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-use...
CVE-2025-49136 listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
listmonk is a standalone, self-hosted, newsletter and mailing list manager. Starting in version 4.0.0 and prior to version 5.0.2, the env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on host. While this may not be a problem on single-use...
GHSA-JC7G-X28F-3V3H listmonk's Sprig template Injection vulnerability leads to reading of Environment Variable for low privilege user
Summary The env and expandenv template functions which is enabled by default in Sprig enables capturing of env variables on the host. While this may not be a problem on single-user super admin installations, on multi-user installations, this allows non-super-admin users with campaign or template...
listmonk 安全漏洞
listmonk is a high-performance, self-hosted, newsletter and mailing list manager with a modern dashboard by the individual developer Kailash Nadh. A security vulnerability exists in listmonk versions prior to 5.0.2, which stems from a template function capturing an environment variable that could...
PT-2025-24526 · Sprig +1 · Sprig +1
Name of the Vulnerable Software and Affected Versions: Listmonk versions 4.0.0 through 5.0.2 Description: Listmonk is a standalone, self-hosted, newsletter and mailing list manager. The env and expandenv template functions, enabled by default in Sprig, allow capturing of environment variables on...
CVE-2025-48934
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...
CVE-2025-48934
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the Deno.env.toObject method ignores any variables listed in the --deny-env option of the deno run command. When looking at the documentation of the --deny-env option this might lead to a false...
CVE-2025-48934
CVE-2025-48934 affects Deno runtime prior to v2.1.13 and v2.2.13, where Deno.env.toObject() can reveal environment variables despite --deny-env, due to the reading of variables exempt from the deny filter. The issue allows code to access most environment variables via toObject, potentially leakin...