CWE-526 (Information Exposure Through Environment Variables) — Vulnerability Class 15

15 vulnerabilities classified as CWE-526 (Information Exposure Through Environment Variables). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40153 | PraisonAIAgents Affected by Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool — PraisonAIAgents | 7.4 | High | 2026-04-09 |
| CVE-2025-36105 | IBM Planning Analytics Advanced Certified Containers is vulnerable to a sensitive information disclosure vulnerability — Planning Analytics Advanced Certified Containers | 4.4 | Medium | 2026-03-10 |
| CVE-2025-27899 | Multiple vulnerabilities in IBM Java SDK affecting Db2 Recovery Expert for Linux, Unix and Windows — DB2 Recovery Expert for LUW | 5.3 | Medium | 2026-02-17 |
| CVE-2025-36017 | IBM Controller Information Disclosure — Controller | 6.5 | Medium | 2025-12-08 |
| CVE-2025-9162 | Org.keycloak/keycloak-model-storage-service: variable injection into environment variables — keycloak | 4.9 | Medium | 2025-08-21 |
| CVE-2023-43029 | IBM Storage Virtualize vSphere Remote Plug-in information disclosure — Storage Virtualize vSphere Remote Plug-in | 6.8 | Medium | 2025-03-21 |
| CVE-2024-12604 | Improper Authentication in Tapandsign Technologies Tap and Sign App — Tap&Sign App | 6.5 | Medium | 2025-03-10 |
| CVE-2025-0985 | IBM MQ information disclosure — MQ | 5.5 | Medium | 2025-02-28 |
| CVE-2024-11736 | Org.keycloak:keycloak-quarkus-server: unrestricted admin use of system and environment variables | 4.9 | Medium | 2025-01-14 |
| CVE-2024-4369 | Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure | 6.8 | Medium | 2024-04-30 |
| CVE-2024-2700 | Quarkus-core: leak of local configuration properties into quarkus applications | 7.0 | High | 2024-04-04 |
| CVE-2023-5720 | Quarkus: build env information disclosure via gradle plugin — gradle-plugin | 7.7 | High | 2023-11-15 |
| CVE-2023-47615 | Telit Cinterion BGS5 security vulnerability — BGS5 | 3.3 | Low | 2023-11-09 |
| CVE-2023-35931 | Shescape potential environment variable exposure on Windows with CMD — shescape | 3.1 | Low | 2023-06-23 |
| CVE-2014-2377 | Ecava IntegraXor SCADA Server Information Exposure Through Environmental Variables — IntegraXor SCADA Server | 5.3 | - | 2014-09-15 |

Vulnerabilities classified as CWE-526 (Information Exposure Through Environment Variables) represent 15 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.