eBay API MCP Server Affected by Environment Variable Injection

The ebaysetusertokens tool allows updating the .env file with new tokens. The updateEnvFile function in src/auth/oauth.ts blindly appends or replaces values without validating them for newlines or quotes. This allows an attacker to inject arbitrary environment variables into the configuration fil...

PT-2026-21328

Name of the Vulnerable Software and Affected Versions eBay API MCP Server affected versions not specified Description The eBay API MCP Server, an open source local MCP server providing AI assistants with access to eBay's Sell APIs, is susceptible to Environment Variable Injection through the...

CLSA-2026-1769099972 httpd: Fix of 2 CVEs

CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables and added regression tests - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...

CLSA-2026-1768213076 httpd: Fix of 2 CVEs

CVE-2025-65082: fix CGI environment variable injection by preventing HTTP headers from overriding server-set variables - CVE-2025-66200: prevent suexec bypass by removing request notes usage and rejecting the undocumented RequestHeader note option...

EUVD-2021-25670

Malware in sbrugna...

EUVD-2019-4572

Malware in sbrugna...

EUVD-2008-4088

Malware in sbrugna...

EUVD-2014-2958

Malware in sbrugna...

EUVD-2013-3178

Malware in sbrugna...

EUVD-2025-0220

Malicious code in bioql PyPI...

EUVD-2024-41606

Malicious code in bioql PyPI...

EUVD-2024-31707

Malicious code in bioql PyPI...

EUVD-2024-2492

Malicious code in bioql PyPI...

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Security Update

New Red Hat build of Keycloak 26.2.9 packages are available from the Customer Portal Red Hat build of Keycloak 26.2.9 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Images Security Update

New images are available for Red Hat build of Keycloak 26.2.9 and Red Hat build of Keycloak 26.2.9 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.0.15 Images Update

New images are available for Red Hat build of Keycloak 26.0.15 and Red Hat build of Keycloak 26.0.15 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Ha...

Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.2.8 Images Security Update

New images are available for Red Hat build of Keycloak 26.2.8 and Red Hat build of Keycloak 26.2.8 Operator, running on OpenShift Container Platform Red Hat build of Keycloak is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat...

Linux Distros Unpatched Vulnerability : CVE-2018-18249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga Web 2 before 2.6.2 allows injection of PHP ini-file directives via vectors involving environment variables as the channel to send information to the...

CVE-2025-9162 Org.keycloak/keycloak-model-storage-service: variable injection into environment variables

A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are...

Linux PAM Environment - Variable Injection Local Privilege Escalation

Exploit Title: Linux PAM Environment - Variable Injection Local Privilege Escalation Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: PAM pamenv.so module allows environment variable injection via /.pamenvironment leading to privilege escalation throu...