23 matches found
CVE-2026-41196
A flaw was found in Luanti formerly Minetest, an open-source game platform. A malicious mod, when executed within the LuaJIT environment, can bypass security restrictions designed to isolate it. This allows the mod to execute unauthorized code and gain full access to the user's device, potentiall...
CVE-2026-6830
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...
CVE-2026-6830 Nesquena Hermes WebUI Environment Variable Credential Leakage via Profile Switch
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...
CVE-2026-6830
The CVE concerns nesquena Hermes WebUI, where switching profiles fails to clear environment variables from the previous profile, enabling leakage of sensitive credentials (e.g., provider API keys) between profiles. The underlying issue is residual environment variables that persist across profile...
CVE-2026-6830
nesquena hermes-webui contains an environment variable leakage vulnerability where profile switching does not clear environment variables from the previously active profile before loading the next profile. Attackers or users can exploit additive dotenv reload behavior to access provider API keys...
Hermes Web UI 安全漏洞
Hermes Web UI is a lightweight, dark-themed web interface developed by Nathan Esquenazi. Hermes Web UI has a security vulnerability that arises from the fact that environment variables of the active configuration file are not cleared before the next configuration file is loaded when switching...
CVE-2026-29648
In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation control...
Fortinet FortiIsolator 访问控制错误漏洞
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...
Fortinet FortiIsolator Operating System Command Injection Vulnerability
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...
Fortinet FortiIsolator 操作系统命令注入漏洞
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation capabilities for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects critical business data from sophisticated threats on the Web...
Fedora: Security Advisory (FEDORA-2024-9cc0e0c63e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc38
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
[SECURITY] Fedora 40 Update: golang-gvisor-20240408.0-1.20240418git9e5a99b.fc40
gVisor is an open-source, OCI-compatible sandbox runtime that provides a virtualized container environment. It runs containers with a new user-space kernel, delivering a low overhead container security solution for high-density applications. gVisor integrates with Docker, containerd and Kubernete...
Logic flaw vulnerability in Tianrongxin's security isolation and information exchange system
Tianrongxin security isolation and information exchange system is the isolation equipment independently developed by Tianrongxin with independent intellectual copyright. The Tianrongxin Security Isolation and Information Exchange System has a logic flaw vulnerability that can be exploited by...
Command execution vulnerability in the Tianqing security isolation and information exchange system
Tianqing Security Isolation and Information Exchange System is an access control switch equipment with network isolation technology independently developed by Beijing Qixingchen Information Technology Co., Ltd, which provides high security isolation protection for key data. A command execution...
Command Execution Vulnerability in Network Debugging Interface of Tianqing Security Isolation and Information Exchange System
Tianqing Security Isolation and Information Exchange System is the access control switch equipment with network isolation technology independently developed by Qixing Information Technology Co., Ltd, which provides high security isolation protection for key data. A command execution vulnerability...
Arbitrary file readout vulnerability in the background sh***.php interface of the Tianqing security isolation and information exchange system
Tianqing Security Isolation and Information Exchange System is the access control switch equipment with network isolation technology independently developed by Qixing Information Technology Co., Ltd, which provides high security isolation protection for key data. There is an arbitrary file readin...
Arbitrary file reading vulnerability in the cu***.php interface of the background of the Tianqing security isolation and information exchange system
Tianqing Security Isolation and Information Exchange System is the access control switch equipment with network isolation technology independently developed by Qixing Information Technology Co., Ltd, which provides high security isolation protection for key data. There is an arbitrary file readin...
CVE-2019-10144
rkt through version 1.30.0 does not isolate processes in containers that are run with rkt enter. Processes run with rkt enter are given all capabilities during stage 2 the actual environment in which the applications run. Compromised containers could exploit this flaw to access host resources...
Command Execution Vulnerability in China_gate_edit_op.php, the Security Isolation Gateway of Beijing Yuanwei Software Co.
Beijing Yuanwei Software Co., Ltd. security isolation gateway is a multi-network security isolation system based on terminal virtualization technology and network virtualization technology. A command execution vulnerability exists in chinagateeditop.php, the security isolation gateway of Beijing...