CWE-526
17 CVEs classified under CWE-526. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-45370 | High | 7.7 | 2026-05-14 | python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full copy of os.environ to e… |
| CVE-2023-5720 | High | 7.7 | 2023-11-15 | A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain… |
| CVE-2026-40153 | High | 7.4 | 2026-04-09 | PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command arg… |
| CVE-2024-2700 | High | 7.0 | 2024-04-04 | A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build… |
| CVE-2023-43029 | Medium | 6.8 | 2025-03-21 | IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after deployment. |
| CVE-2024-4369 | Medium | 6.8 | 2024-04-30 | An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an environment variabl… |
| CVE-2025-36017 | Medium | 6.5 | 2025-12-08 | IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in environmental variables fi… |
| CVE-2024-12604 | Medium | 6.5 | 2025-03-10 | Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Tech… |
| CVE-2025-0985 | Medium | 5.5 | 2025-02-28 | IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a local user. |
| CVE-2025-27899 | Medium | 5.3 | 2026-02-17 | IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the sy… |
| CVE-2025-9162 | Medium | 4.9 | 2025-08-21 | A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documen… |
| CVE-2024-11736 | Medium | 4.9 | 2025-01-14 | A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable UR… |
| CVE-2025-36105 | Medium | 4.4 | 2026-03-10 | IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment v… |
| CVE-2026-49377 | Medium | 4.3 | 2026-05-29 | In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters |
| CVE-2023-47615 | Low | 3.3 | 2023-11-09 | A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cint… |
| CVE-2023-35931 | Low | 3.1 | 2023-06-23 | Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched i… |
| CVE-2014-2377 | | | 2014-09-15 | Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application t… |