CVE-2026-35366

A flaw was found in the printenv utility within uutils coreutils. This vulnerability allows an attacker to conceal malicious environment variables by using invalid UTF-8 byte sequences. As a result, security tools and administrators may not detect these hidden variables, which could enable...

EUVD-2022-44892

Malicious code in bioql PyPI...

Imperative CLI vulnerable to Command Injection

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVE-2021-4326

A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI...

CVE-2022-41716

Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavi...

OpenBSD 3.94.0 - ld.so Local Environment Variable Clearing

OpenBSD 3.94.0 - ld.so Local Environment Variable Clearing / source: https://www.securityfocus.com/bid/21188/info OpenBSD is prone to a local vulnerability that may allow attackers to pass malicious environment variables to applications, bypassing expected security restrictions. Attackers may be...