17 matches found

RedhatCVE (added 2 days ago, 4 views)

CVE-2026-32625

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

CVSS 9.6 | AI score 5.5 | EPSS 0.00034
Exploits: 1 | References: 1
OSSF Malicious Packages (added 2026/04/03 7:09 p.m., 3 views)

Malicious code in strapi-plugin-cms-tools (npm)

strapi-plugin-cms-tools is a malicious npm package disguised as a Strapi CMS plugin. On install, it runs a postinstall script that executes an 11-phase attack: stealing .env files, environment variables, Strapi configuration, private keys, Redis data, Docker/Kubernetes secrets, and network...

AI score 6
Exploits: 0 | References: 2
Snyk (added 2026/01/22 8:21 p.m., 2 views)

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via improper validation of environment variable values in the container configuration process. An attacker can execute arbitrary commands as root on the host by injecting newlines into environment variables, which results...

CVSS 8.7 | AI score 6.1 | EPSS 0.00032
Exploits: 1 | References: 2
Snyk (added 2025/11/24 8:33 p.m., 1 view)

Embedded Malicious Code

Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Shai-Hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 3
OSV (added 2024/08/14 8:53 p.m., 8 views)

GHSA-7X29-QQMQ-V6QC GitHub Actions Script Injection in `ultralytics/actions`

Summary: The Ultralytics action available at https://github.com/marketplace/actions/ultralytics-actions is vulnerable to GitHub Actions script injection. If anyone uses the action within a workflow that runs on the pull_request_target trigger, then an attacker can inject arbitrary code into that...

CVSS 9.3 | AI score 8.2
Exploits: 0 | References: 3
Github Security Blog (added 2024/08/14 8:53 p.m., 7 views)

GitHub Actions Script Injection in `ultralytics/actions`

Summary: The Ultralytics action available at https://github.com/marketplace/actions/ultralytics-actions is vulnerable to GitHub Actions script injection. If anyone uses the action within a workflow that runs on the pull_request_target trigger, then an attacker can inject arbitrary code into that...

AI score 8.2
Exploits: 0 | References: 3 | Affected software: 1
RedHat Linux (added 2023/01/23 8:59 a.m., 2 views)

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. A flaw in how sudoedit handles user-provided environment variables leads to arbitrary file writes with the privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 | AI score 7.3 | EPSS 0.39861
Exploits: 20 | References: 6
CVE (added 2018/06/07 2:00 a.m., 48 views)

CVE-2017-16060

CVE-2017-16060 describes the npm package babelcli, a malware package designed to hijack environment variables. The connected documents confirm that babelcli steals environment variables and exfiltrates them to attacker-controlled locations, and that all versions were unpublished from the npm regi...

CVSS 7.5 | AI score 7.4 | EPSS 0.00257
Exploits: 0 | References: 1 | Affected software: 1
Tenable Nessus (added 2016/06/17 12:00 a.m., 283 views)

SUSE SLES11 Security Update : openssh (SUSE-SU-2016:1528-1)

openssh was updated to fix three security issues. The following security issues were fixed: - CVE-2016-3115: Multiple CRLF injection vulnerabilities in session.c in sshd in OpenSSH allowed remote authenticated users to bypass intended shell-command restrictions via crafted X11 forwarding data, related t...

CVSS 9.8 | AI score 7 | EPSS 0.50367
Exploits: 13 | References: 17
Tenable Nessus (added 2016/04/25 12:00 a.m., 51 views)

Fedora 23 : openssh-7.2p2-3.fc23 (2016-7f5004093e)

Security fix for CVE-2015-8325: ignore PAM environment vars when UseLogin=yes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

CVSS 7.8 | AI score 7.2 | EPSS 0.00079
Exploits: 0 | References: 3
Exploit DB (added 2011/07/26 12:00 a.m., 33 views)

PHP-Barcode 0.3pl1 - Remote Code Execution

PHP-Barcode 0.3pl1 Remote Code Execution. The input passed to the code parameter is not sanitized and is used in a popen() call. This allows remote command execution and also exposes environment variables: Windows http://www.site.com/php-barcode/barcode.php?code=%TMP% Linux...

AI score 7
Exploits: 0
exploitpack (added 2011/07/26 12:00 a.m., 18 views)

PHP-Barcode 0.3pl1 - Remote Code Execution

PHP-Barcode 0.3pl1 Remote Code Execution. The input passed to the code parameter is not sanitized and is used in a popen() call. This allows remote command execution and also exposes environment variables: Windows...

AI score 8.1
Exploits: 0
seebug.org (added 2011/07/26 12:00 a.m., 16 views)

PHP-Barcode 0.3pl1 Remote Code Execution

PHP-Barcode 0.3pl1 Remote Code Execution. The input passed to the code parameter is not sanitized and is used in a popen() call. This allows remote command execution and also exposes environment variables: Windows...

AI score 7.1
Exploits: 0
securityvulns (added 2011/07/26 12:00 a.m., 83 views)

PHP-Barcode 0.3pl1 Remote Code Execution

PHP-Barcode 0.3pl1 Remote Code Execution. The input passed to the code parameter is not sanitized and is used in a popen() call. This allows remote command execution and also exposes environment variables: Windows...

AI score 1.2
Exploits: 0
Tenable Nessus (added 2011/03/16 12:00 a.m., 27 views)

Fedora 13 : cgit-0.9-1.fc13 (2011-2815)

In addition to closing a DoS vulnerability (thanks to Jim Meyering), this upstream feature release adds the following enhancements: - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

CVSS 5 | AI score 5.5 | EPSS 0.05194
Exploits: 1 | References: 4
Tenable Nessus (added 2011/03/16 12:00 a.m., 19 views)

Fedora 14 : cgit-0.9-1.fc14 (2011-2803)

In addition to closing a DoS vulnerability (thanks to Jim Meyering), this upstream feature release adds the following enhancements: - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

CVSS 5 | AI score 5.5 | EPSS 0.05194
Exploits: 1 | References: 4
Tenable Nessus (added 2011/03/16 12:00 a.m., 21 views)

Fedora 15 : cgit-0.9-1.fc15 (2011-2790)

In addition to closing a DoS vulnerability (thanks to Jim Meyering), this upstream feature release adds the following enhancements: - Support for side-by-side diffs - Support for repo content in 'about' view - Improved integration with gitolite/gitweb - Support for git notes in commit/log view -...

CVSS 5 | AI score 5.5 | EPSS 0.05194
Exploits: 1 | References: 4