11 matches found

EUVD
added 2026/04/10 7:22 p.m. | 1 view

EUVD-2026-21156

PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars...

CVSS 8.4 | AI score 5.8 | EPSS 0.00035
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/09 12:00 a.m. | 2 views

PT-2026-31782

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openai model, openai key, and openai base without validating that these values do not contain commas. gcloud...

CVSS 8.4 | AI score 6 | EPSS 0.00035
Exploits: 1 | References: 4

OSV
added 2026/04/02 6:42 p.m. | 2 views

GO-2026-4891 act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act

act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act...

CVSS 9.8 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 4

NVD
added 2026/03/31 3:15 a.m. | 3 views

CVE-2026-34041

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVSS 9.8 | EPSS 0.00027
Exploits: 1 | References: 3

CVE
added 2026/03/31 1:43 a.m. | 6 views

CVE-2026-34041

act: Unrestricted set-env and add-path command processing enables environment injection in github.com/nektos/act. Prior to version 0.2.86, act unconditionally processes deprecated ::set-env:: and ::add-path:: commands, allowing an attacker to inject environment variables or modify PATH for subseq...

CVSS 9.8 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 3 | Affected Software: 1

OSV
added 2026/03/31 1:43 a.m. | 1 view

CVE-2026-34041 act: Unrestricted set-env and add-path command processing enables environment injection

act is a project which allows for local running of GitHub Actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which were disabled due to environment injection risks. When a workflow step echoes untrusted data to stdout, an...

CVSS 7.7 | AI score 5.9 | EPSS 0.00027
Exploits: 1 | References: 5

Github Security Blog
added 2026/03/27 7:17 p.m. | 11 views

act: Unrestricted set-env and add-path command processing enables environment injection

Summary: act unconditionally processes the deprecated ::set-env:: and ::add-path:: workflow commands, which GitHub Actions disabled in October 2020 (CVE-2020-15228, GHSA-mfwh-5m23-j46w) due to environment injection risks. When a workflow step echoes untrusted data to stdout, an attacker can inject...

CVSS 9.8 | AI score 6.5 | EPSS 0.00027
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2018/11/08 2:29 p.m. | 0 views

CVE-2018-6441

A vulnerability in Secure Shell implementation of Brocade Fabric OS versions before 8.2.1, 8.1.2f, 8.0.2f, 7.4.2d could allow a local attacker to provide arbitrary environment variables, and bypass the restricted configuration shell...

CVSS 7.8 | AI score 5.9
Exploits: 0 | References: 1

Check Point Advisories
added 2011/03/13 12:00 a.m. | 2 views

IBM Informix Dynamic Server SET ENVIRONMENT Stack Buffer Overflow (CVE-2011-1033)

IBM Informix Dynamic Server is an online transaction processing data server. IBM Informix Dynamic Server functionalities include an implementation of SQL including SQL statements, data types, and system catalog tables that provide information regarding database structures. A stack-based buffer...

CVSS 9.3 | AI score 7.7 | EPSS 0.2367
Exploits: 0

Cvelist
added 2011/02/14 11:00 p.m. | 18 views

CVE-2011-1033

Stack-based buffer overflow in oninit in IBM Informix Dynamic Server IDS 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement...

AI score 8 | EPSS 0.2367
Exploits: 0 | References: 8

CVE
added 2011/02/14 11:00 p.m. | 42 views

CVE-2011-1033

IBM Informix Dynamic Server (IDS) 11.50 is affected by a stack-based buffer overflow in the oninit process when handling malformed USELASTCOMMITTED arguments in a SET ENVIRONMENT statement, enabling remote code execution. OpenVAS entries (Windows/Linux) corroborate RCE in IDS via the oninit path;...

CVSS 9.3 | AI score 8.2 | EPSS 0.2367
Exploits: 0 | References: 8 | Affected Software: 1