Lucene search
K

2668 matches found

Debian
Debian
added 2025/05/27 1:55 p.m.16 views

[SECURITY] [DLA 4181-1] glibc security update

Debian LTS Advisory DLA-4181-1 [email protected] https://www.debian.org/lts/security/ Sean Whitton May 27, 2025 https://wiki.debian.org/LTS Package : glibc Version : 2.31-13+deb11u13 CVE ID : CVE-2025-4802 A flaw was discovered in the dynamic linking support in the GNU C Library, the C...

7.8CVSS6.8AI score0.0039EPSS
Exploits1
Huntr
Huntr
added 2025/05/25 6:55 a.m.6 views

Environment Variable XSS in Analytics Component

Description A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This allows...

9.6CVSS7.5AI score0.00458EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 10:34 a.m.5 views

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...

9.9CVSS7.6AI score0.00769EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:46 a.m.3 views

CVE-2024-27805

An issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, watchOS 10.5. An app may be able to access sensitive user data...

5.5CVSS7.1AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:2 a.m.7 views

CVE-2024-40632

Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions when the application being run by linkerd is susceptible to SSRF, an attacker could potentially trigger a denial-of-service DoS attack by making requests to localhost:4191/shutdown. Linkerd cou...

3.7CVSS4.1AI score0.00444EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 7:21 a.m.7 views

CVE-2024-44674

D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub24E28, the HTTPREFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src...

5.7CVSS6.9AI score0.0393EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:51 a.m.6 views

CVE-2023-22746

CKAN is an open-source DMS data management system for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn't set a custom value via environment variables in the .env file...

8.6CVSS7AI score0.00693EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:36 a.m.12 views

CVE-2023-41154

A Stored Cross-Site Scripting XSS vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable...

5.4CVSS5.5AI score0.00397EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:55 a.m.6 views

CVE-2023-34236

Weave GitOps Terraform Controller aka Weave TF-controller is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This...

8.5CVSS6.6AI score0.00706EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:55 a.m.9 views

CVE-2023-24827

syft is a a CLI tool and Go library for generating a Software Bill of Materials SBOM from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFTATTESTPASSWORD environment variable. The...

7.5CVSS6.5AI score0.00791EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:57 p.m.4 views

CVE-2022-32553

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...

9CVSS7.3AI score0.01047EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:11 p.m.12 views

CVE-2022-39359

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, custom GeoJSON map URL address would follow redirects to addresses that were otherwise disallowed, like link-local or private-network. This issue is patched in versions...

6.5CVSS6.7AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:2 p.m.7 views

CVE-2022-32786

An issue in the handling of environment variables was addressed with improved validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system...

5.5CVSS5.8AI score0.02559EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:36 p.m.16 views

CVE-2021-43780

Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery SSRF. These vulnerabilities are only exploitable on installations where a...

8.8CVSS7.1AI score0.01005EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:21 p.m.9 views

CVE-2021-24226

In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the accessallyorderform shortcode is dumping serialize$SERVER, which contains all environment variables. The leakage occurs on all public facing pages containing the...

7.5CVSS6.8AI score0.05404EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:49 p.m.8 views

CVE-2020-12612

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files x86 folder and therefore uses the %ProgramFilesx86% environment variable. However, when this same policy gets pushed to a...

7.8CVSS7.5AI score0.00256EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:56 p.m.10 views

CVE-2020-9934

An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6. A local user may be able to view sensitive user information...

5.5CVSS5.3AI score0.03208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:10 a.m.4 views

CVE-2019-1010038

OpenModelica OMCompiler is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: OPENMODELICAHOME parameter changeable via environment variable. The attack vector is: Changing an environment variable...

9.8CVSS7.5AI score0.0254EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:21 a.m.10 views

CVE-2019-14257

pyraw in Zenoss 2.5.3 allows local privilege escalation by modifying environment variables to redirect execution before privileges are dropped, aka ZEN-31765...

7.8CVSS7.1AI score0.00644EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:11 a.m.8 views

CVE-2019-10844

nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries aka nnabla through v1.0.14 relies on the HOME environment variable, which might be untrusted...

9.8CVSS6.8AI score0.01552EPSS
Exploits0References1
Rows per page
Query Builder