Lucene search
K

58 matches found

CVE
CVE
added 2026/07/06 8:5 a.m.11 views

CVE-2026-46726

Apache Camel Vertx Websocket: the inbound WebSocket consumer maps external query/path parameters into the Exchange header map without HeaderFilterStrategy, enabling injection of Camel headers (e.g., CamelHttpUri) and potential server-side request forgery (SSRF) to attacker-controlled URIs. The HT...

7.5CVSS6AI score0.00536EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:5 a.m.8 views

EUVD-2026-41837

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side Request Forgery SSRF vulnerability in Apache Camel in Vertx Websocket component. The camel-vertx-websocket consumer mapped inbound WebSocket query and path parameters into the Camel Exchange header...

7.5CVSS6AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/30 7:21 p.m.7 views

CVE-2026-57231

A flaw was found in Podman, a tool for managing OCI containers and pods. A malicious container image can be crafted with an environment variable that has a key but no value, or an asterisk , to trick Podman. This vulnerability causes Podman to pass host environment variables into the container...

7.5CVSS5.6AI score0.0026EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-413 Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token

Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token | Field | Value | | ---------------- | ----- | | Repository | pipeboard-co/meta-ads-mcp | | Affected version | ≤ 1.0.101 commit 496c988 7d14226; Versions 1.0.102–1.0.105 lack git tags, so patch status is unconfirmed. | |...

9.1CVSS6AI score0.0013EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLICADDVIEW=True comm...

9.8CVSS6.4AI score0.00404EPSS
Exploits1References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 2:15 p.m.13 views

Malicious code in walmart-shared-modules (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e6bfb508fa412e49b249eaf5529f175ebb14f0e7d9fe19a119e8cc9acf25505a Package declares preinstall: node poc.js, which on npm install collects host identity os.hostname, whoami/id, ipconfig/ip a output, scrapes environme...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/14 9:30 p.m.8 views

GHSA-FM77-94QM-4894 Crabbox: environment variable exposure vulnerability

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...

9.3CVSS5.8AI score0.00742EPSS
Exploits0References6
NVD
NVD
added 2026/05/14 8:17 p.m.35 views

CVE-2026-8634

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...

9.3CVSS0.00742EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/14 7:18 p.m.45 views

CVE-2026-8634 Crabbox < v0.12.0 Environment Variable Information Disclosure

Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens, cloud credentials, and broker tokens into the remote command environment. Attackers can exploit...

9.3CVSS0.00742EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 3 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - jenkins-2-plugins/subversion: XML parser is not preventing XML external...

8CVSS6.8AI score0.08235EPSS
Exploits1References41
Debian CVE
Debian CVE
added 2026/03/13 9:1 p.m.6 views

CVE-2026-32772

telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEWENVIRON SEND USERVAR...

4.7CVSS5.4AI score0.00187EPSS
Exploits1
CVE
CVE
added 2026/03/13 9:1 p.m.53 views

CVE-2026-32772

CVE-2026-32772 affects the inetutils telnet implementation (GNU inetutils) up to version 2.7. The issue allows a server to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR, leading to information disclosure. Debians advisories (DSA-6193-1, dla-4527-1) note that fixes...

4.7CVSS5.9AI score0.00187EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/02/17 8:22 p.m.8 views

CVE-2025-27899

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/07 11:41 a.m.7 views

WordPress Starred Review plugin <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable vulnerability

Reflected Cross-Site Scripting via PHPSELF Variable vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Starred Review versions = 1.4.2...

6.1CVSS6.2AI score0.00313EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2007-3690

Malware in sbrugna...

2.1CVSS6.4AI score0.00636EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-0439

Malware in sbrugna...

9.6CVSS8.1AI score0.0112EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2004-0374

Malware in sbrugna...

6.4CVSS6.1AI score0.02825EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-4499

Malware in sbrugna...

5CVSS6.4AI score0.01524EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-14853

Malicious code in bioql PyPI...

6.5CVSS6.5AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-0861

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00589EPSS
Exploits0References8
Rows per page
Query Builder