CVEs classified under CWE-526, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2026-45370 — CVSS 7.7 (high): python-utcp is the python implementation of UTCP. Prior to 1.1.3, _prepare_environment() in cli_communication_protocol.py passes a full…
CVE-2023-5720 — CVSS 7.7 (high): A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system…
CVE-2025-28381 — CVSS 7.5 (high): A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all…
CVE-2026-40153 — CVSS 7.4 (high): PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars()…
CVE-2024-2700 — CVSS 7.0 (high): A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the…
CVE-2023-43029 — CVSS 6.8 (medium): IBM Storage Virtualize vSphere Remote Plug-in 1.0 and 1.1 could allow a remote user to obtain sensitive credential information after…
CVE-2024-4369 — CVSS 6.8 (medium): An information disclosure flaw was found in OpenShift's internal image registry operator. The AZURE_CLIENT_SECRET can be exposed through an…
CVE-2025-36017 — CVSS 6.5 (medium): IBM Controller 11.1.0 through 11.1.1 and IBM Cognos Controller 11.0.0 through 11.0.1 FP6 stores unencrypted sensitive information in…
CVE-2025-0985 — CVSS 5.5 (medium): IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD stores potentially sensitive information in environment variables that could be obtained by a…
CVE-2025-27899 — CVSS 5.3 (medium): IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further…
CVE-2014-2377 — CVSS 5.0 (medium): Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames…
CVE-2025-9162 — CVSS 4.9 (medium): A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within…
CVE-2024-11736 — CVSS 4.9 (medium): A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through…
CVE-2023-47615 — CVSS 3.3 (low): A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion…
CVE-2023-35931 — CVSS 3.1 (low): Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This…