CVE-2025-24959
CVE-2025-24959 affects zx (versions prior to 8.3.2) due to an Environment Variable Injection flaw in dotenv.stringify, allowing an attacker controlling environment variable values to inject variables into process.env. Impact can include arbitrary command execution or unexpected behavior in securi...
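The class of bug described in this entry, a dotenv-style serializer that writes values verbatim so that an attacker-controlled value containing a newline becomes a second `KEY=value` line on re-parse, as an added example. This is illustrative code written for this listing, not zx's own `dotenv.stringify` or `dotenv.parse`; the variable names, the LD_PRELOAD payload and the quoting rules are constructed for the demonstration.

```javascript
// Added example, not zx's implementation. A minimal dotenv-style parser plus a
// naive and a hardened serializer, showing how an unescaped newline in a value
// injects an extra variable on the round trip.

// Parse KEY=value lines. Double-quoted values may contain \n, \r, \" and \\ escapes.
function parseDotenv(text) {
  const out = {};
  for (const line of text.split('\n')) {
    const m = line.match(/^([A-Za-z_][A-Za-z0-9_]*)=(.*)$/);
    if (!m) continue;
    let v = m[2];
    if (v.length >= 2 && v.startsWith('"') && v.endsWith('"')) {
      v = v.slice(1, -1).replace(/\\(.)/g, (_, c) =>
        c === 'n' ? '\n' : c === 'r' ? '\r' : c);
    }
    out[m[1]] = v;
  }
  return out;
}

// Vulnerable pattern: values are written as-is, so a value that contains
// "\nOTHER=..." is indistinguishable from a second variable after re-parsing.
function naiveStringify(obj) {
  return Object.entries(obj).map(([k, v]) => `${k}=${v}`).join('\n');
}

// Hardened pattern: reject malformed keys and quote/escape any value that could
// alter line structure or be re-parsed differently.
function safeStringify(obj) {
  return Object.entries(obj).map(([k, v]) => {
    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(k)) {
      throw new Error(`invalid env key: ${JSON.stringify(k)}`);
    }
    const s = String(v);
    if (s === '' || /[\s"'#\\]/.test(s)) {
      const escaped = s
        .replace(/\\/g, '\\\\')
        .replace(/"/g, '\\"')
        .replace(/\n/g, '\\n')
        .replace(/\r/g, '\\r');
      return `${k}="${escaped}"`;
    }
    return `${k}=${s}`;
  }).join('\n');
}

// Merge a parsed .env into a process.env-like target, mirroring how a loader
// would populate the environment before spawning a child.
function loadInto(target, text) {
  return Object.assign(target, parseDotenv(text));
}

// Round-trip an attacker-influenced value through both serializers. The
// payload string is constructed for this example.
function demonstrate() {
  const attackerValue = 'trusted\nLD_PRELOAD=/tmp/evil.so';
  const naiveEnv = loadInto({}, naiveStringify({ APP_ENV: attackerValue }));
  const safeEnv = loadInto({}, safeStringify({ APP_ENV: attackerValue }));
  return { naiveEnv, safeEnv };
}
```

With the naive serializer the round trip yields an unexpected `LD_PRELOAD` entry; with the hardened one `APP_ENV` keeps the newline inside a single quoted value and no extra variable appears. The practical check is the same in any dotenv implementation: serialize a value containing `\n`, parse it back, and confirm the key count is unchanged.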
SUSE-SU-2025:20007-1 Security update for less
This update for less fixes the following issues: - CVE-2024-32487: Fix a bug where mishandling of the \n character in paths when LESSOPEN is set leads to OS command execution. bsc#1222849...
zx code injection vulnerability
zx is a Google open source tool for writing scripts. A code injection vulnerability exists in zx version 8.3.1: an environment variable injection flaw can lead to command execution or abnormal behavior...
The vulnerability of the br_dev_xmit() function in the net/bridge/br_device.c module of the Linux operating system allows an attacker to compromise the confidentiality and accessibility of the protected information.
The vulnerability of the br_dev_xmit() function in the net/bridge/br_device.c file of the Linux operating system is related to the use of an uninitialized variable. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and accessibility of the protected information...
PT-2025-4035 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: A Reflected Cross-Site Scripting issue has been identified, allowing an authenticated attacker to craft a malicious URL by leveraging the "/embedai/users/show/" endpoint. This enables the injectio...
CVE-2024-54536
The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables...
CVE-2024-54536
The CVE-2024-54536 issue affects macOS Sequoia versions before 15.2. It arises from insufficient validation of environment variables, allowing an app to edit NVRAM variables. Apple fixed this by improving environment variable validation in Sequoia 15.2. The available public descriptions confirm the vulnerabili...
CVE-2024-11931
GitLab CVE-2024-11931 affects GitLab CE/EE versions 17.0–17.6.3, 17.7–17.7.2, and 17.8–17.8.0, enabling developers to exfiltrate protected CI variables via CI lint under certain conditions. The connected docs do not provide a detailed root cause beyond the issue description. A patch release (GitL...
GitLab 17.0 < 17.6.4 / 17.7 < 17.7.3 / 17.8 < 17.8.1 (CVE-2024-11931)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from 17.8 prior to 17.8.1. Under certain conditions, it may have...
CVE-2025-0693
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account...
CVE-2025-0693 Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration
Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account...
Gitlab -- Vulnerabilities
Gitlab reports: Stored XSS via Asciidoctor render Developer could exfiltrate protected CI/CD variables via CI lint Cyclic reference of epics leads resource exhaustion...
GHSA-W2GF-JXC9-PF2Q sniff_csv provides filesystem access even when enable_external_access is disabled in duckdb
Summary Content in filesystem is accessible for reading using sniff_csv, even with enable_external_access=false. Details During a pentest, a security researcher was able to access environment variable data and other system data by using the sniff_csv function, even though we set enable_external_access ...
CVE-2025-21662
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index() fails, cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the task which issued the command may hang: mlx5_core...
CVE-2025-21662 net/mlx5: Fix variable not being completed when function returns
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index() fails, cmd_work_handler() needs to complete ent->slotted before returning early. Otherwise the task which issued the command may hang: mlx5_core...
UBUNTU-CVE-2024-57936
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causin...
Amazon Corretto Java 11.x < 11.0.26.4.1 Vulnerability
The version of Amazon Corretto installed on the remote host is 11 prior to 11.0.26.4.1. It is, therefore, affected by a vulnerability as referenced in the corretto-11-2025-Jan-21 advisory. - Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stac...
[SECURITY] [DLA 4020-1] libreoffice security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4020-1 [email protected] https://www.debian.org/lts/security/ Bastien Roucariès January 19, 2025 https://wiki.debian.org/LTS -...
SUSE CVE-2024-36476
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was...
Octopus Kubernetes security vulnerability
Octopus Kubernetes is a cloud-native device management system from Octopus. A security vulnerability exists in Octopus Kubernetes that stems from a sensitive variable that can be written in plaintext to a Kubernetes script pod log...